PM-Kisan website security vulnerability risked 11 crore farmers' Aadhaar IDs

Just a few months before the 2019 general elections in February, Prime Minister Narendra Modi-led government launched the flagship Pradhan Mantri Kisan Samman Nidhi Yojana (aka PM Kisan scheme) to offer monetary benefits for farmers in the country.

. Since the launch, more than 11 crore (110 million) citizens have enrolled with Aadhaar number ID on the PM Kisan website.

. Now, it has come to light that the website had a security loophole and may have compromised the social security Aadhaar number of the farmers.

. Due to a lack of proper authorization protocol in the PM-Kisan website, an endpoint connected to the user database was left vulnerable to attack from bad actors. Even those with knowledge of coding could have written a programme to scrape all the Aadhaar numbers, independent cyber security expert Atul Nair said on his blog.

. PM-Kisan website has a dashboard that offers simple-to-understand information such as the number of farmers enrolled in the scheme and a breakdown of details including villages, districts, and states.

. All eligible farmers get Rs 6,000 in three installments (Rs 2,000 once in four months) annually.

. "My father is a farmer and he benefits from the PM Kisan Yojana. So while using the website, I saw the dashboard feature. Being a security researcher, I thought to check out the feature for security issues. There is no monetary benefit in it. I just wanted to make it secure, and CERT-In did a great job in responding and fixing the issue," Kannur-based Atul Nair told DH on how he came across the security loophole in the PM-Kisan website.

. Nair earlier this year on January 29 promptly reported the security issue with CERT-In (Indian Computer Emergency Response Team). The latter responded with an acknowledgment of the issue on January 31.

. In the following month, CERT-In gave an update that the aforementioned issue has been escalated to the concerned department and it was finally fixed in May.

. So far, there are no reports of leakage of farmers' Aadhaar card details.

. Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.

PM-Kisan website security vulnerability risked 11 crore farmers' Aadhaar IDs

Follow us on :

Follow Us