India's National ID Database Pwned Yet Again

It's been just a week into 2018, and the entire internet is overflowing with reports of cyber attacks, and India has become one of the major victims.

Despite affirmation from the Indian Govt. about the security of Aadhaar details, recently, a journalist from The Tribune has reported a major data breach of Aadhaar details of nearly 1.2 billion Indian citizens. According to the journalist, it was an investigation led by The Tribune and it has revealed a nasty truth - anyone could get unrestricted access to over one billion Aadhaar details for just Rs. 500.

The journalist also said that he purchased unrestricted access to Aadhaar details from an anonymous seller over WhatsApp. And just after paying via Paytm, it took only 10 minutes to get access to all the Aadhaar details and become the admin.

The worst part is not over, there is more to it.

Once someone becomes an admin, he/she can make ANYONE an admin of the portal. Whether an Indian, a foreign national, none of it matters – the Aadhaar database won’t shoot a single question. Also, The Tribune reporter said that by paying just Rs 300 more, the publication was also able to buy software that could enable anyone to print Aadhaar cards of any Indian citizen after entering the Aadhaar number.

The Unique Identification Authority of India (UIDAI) denied all the claims, assuring that the biometric and personal data in their database is safe. Also, UIDAI which handles and manages the Aadhaar system said The Tribune had accessed only limited details by using a search facility that had been made available to government officials.

“Tribune’s Story “Rs 500, 10 minutes, and you have access to billion Aadhaar details” is a case of misreporting. No biometric data breach,” UIDAI tweeted. “Some persons have misused demographic search facility, given to designated officials to help residents who have lost Aadhaar/Enrollment slip to retrieve their details.”