Aadhaar data of 67L users exposed on Indane site

In another case of Aadhaar numbers and details being compromised due to lax security, a State-run LPG gas company has allegedly left exposed some parts of its website that are meant for dealers and distributors. More than 67 lakh users' data could be compromised as a result.

French security researcher Baptiste Robert, who goes by the online handle Elliot Alderson, had posted this on his Twitter account. He said that these pages were only to be accessed with a username and password. This security lapse has resulted in the website being picked up by Google, allowing anyone to get access to dealer databases.

The Frenchman has investigated and exposed several lapses that have taken place, but Aadhaar’s regulator, the Unique Identification Authority of India (UIDAI), has repeatedly dismissed reports of security being compromised.

Robert reveals in his blog post that he found 5.8 million Indane customer records before his script was blocked. 

His revelation says:

This page contains a lot of juicy information:

- The hyperlink associated with the “Consumer No” contains a parameter called “aadhar_no”
- The “Consumer Name”
- The “Consumer Address”
- On the bottom right we have the “Total Records”
- In the URL, there is a parameter called dealerID

His website also shows screenshots of Indane’s exposed website, which show consumer numbers and other details such as LPG IDs, names and addresses.
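
An added example, not taken from the article or from Robert's blog post: a check a site owner could run over the HTML their pages serve, flagging links whose query string carries an identifier, either by parameter name (as with “aadhar_no” above) or because a 12-digit value passes the Verhoeff checksum used for Aadhaar numbers. The paths, the other parameter names, the sample number and the assumption that valid numbers start with 2 to 9 are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Verhoeff tables: D5 group multiplication, position permutation, inverse.
D = [[0,1,2,3,4,5,6,7,8,9],[1,2,3,4,0,6,7,8,9,5],[2,3,4,0,1,7,8,9,5,6],
     [3,4,0,1,2,8,9,5,6,7],[4,0,1,2,3,9,5,6,7,8],[5,9,8,7,6,0,4,3,2,1],
     [6,5,9,8,7,1,0,4,3,2],[7,6,5,9,8,2,1,0,4,3],[8,7,6,5,9,3,2,1,0,4],
     [9,8,7,6,5,4,3,2,1,0]]
P = [[0,1,2,3,4,5,6,7,8,9],[1,5,7,6,2,8,3,0,9,4],[5,8,0,3,7,9,6,1,4,2],
     [8,9,1,6,0,4,3,5,2,7],[9,4,5,3,1,2,6,8,7,0],[4,2,8,6,5,7,3,9,0,1],
     [2,7,9,3,8,0,6,4,1,5],[7,0,4,6,9,1,3,2,5,8]]
INV = [0,4,3,2,1,5,6,7,8,9]

def _fold(digits, start):
    c = 0
    for i, ch in enumerate(reversed(digits), start):
        c = D[c][P[i % 8][int(ch)]]
    return c

def verhoeff_valid(number):  # number includes its trailing check digit
    return _fold(number, 0) == 0

def with_check_digit(payload):  # used here only to construct sample data
    return payload + str(INV[_fold(payload, 1)])

class LinkAudit(HTMLParser):
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag != "a" or not href:
            return
        for name, value in parse_qsl(urlsplit(href).query):
            digits = re.sub(r"[\s-]", "", value)  # tolerate 1234-5678-9012 grouping
            # Findings carry the parameter name only; the value is never echoed.
            if re.search(r"aadh?aa?r", name, re.I):
                self.findings.append((name, "identifier-named parameter"))
            elif re.fullmatch(r"[2-9][0-9]{11}", digits) and verhoeff_valid(digits):
                self.findings.append((name, "value passes Aadhaar checksum"))

def audit(html):
    parser = LinkAudit()
    parser.findings = []
    parser.feed(html)
    return parser.findings

FAKE = with_check_digit("99999999999")  # constructed value, not a real number
SAMPLE_HTML = (  # constructed page fragment; paths are hypothetical
    f'<a href="/dealer/consumer?consumer_no=7001&amp;aadhar_no={FAKE}&amp;dealerID=42">7001</a>'
    f'<a href="/receipt?ref={FAKE[:4]}-{FAKE[4:8]}-{FAKE[8:]}">receipt</a>'
)
```

Running `audit()` over pages fetched without a session cookie also shows whether a login-only page is being served to anonymous clients such as search engine crawlers.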