Indian state government leaks thousands of Aadhaar numbers

[InfoSec News <alerts () infosecnews org>]

https://techcrunch.com/2019/01/31/aadhaar-data-leak/

By Zack Whittaker
TechCrunch
1/31/2019

A lapse in security has led to the leaking of over a hundred thousand 
Aadhaar numbers, TechCrunch can reveal.

One of the web systems used to record attendance of government workers for 
the Indian state of Jharkhand was left exposed and without a password as 
far back as 2014, allowing anyone access to names, job titles, and partial 
phone numbers on 166,000 workers as of the time of writing.

But the photo on each record page used the file name as that worker’s 
Aadhaar number, a confidential 12-digit number assigned to each Indian 
citizen as part of the country’s national identity and biometric database.

The data leak isn’t a direct breach of the central database run by 
Aadhaar’s regulator, the Unique Identification Authority of India (UIDAI), 
but represents another lapse in responsibility from the authority charged 
with protecting its data.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_