Hacker Goes beyond Biometric Ways
January 5, 2018 by

India’s National ID Database of 1.2 Billion People Breached for $8

An Indian news publication has reported that the government’s biggest citizen database, a register that holds the data of nearly 1.2 billion people, can be compromised for as little as $8.

Local Indian newspaper The Tribune has, in a published report, claimed one of its reporters paid approximately $8 to an individual with the pseudonym Anil Kumar to get in access to Aadhaar, the centralized database operated by the government. After getting in touch with Kumar over social messaging platform Whatsapp, the individual was able to create a username and password that essentially gave access to the demographic information of some 1.2 billion Indians currently enrolled in Aadhaar. Credentials could be ascertained by simply entering an individual’s 12-digit Aadhaar number.

Officials at the Unique Identification Authority of India (UIDAI), the government agency tasked to operate Aadhaar, described the intrusion as a “major national security breach” that was highly “illegal”.

“We have been warning for a while about the single access problem with the design of the [Aadhaar server],” said Meghnad S, a vehement Aadhaar critic.

A separate report by Indian news publication Quint revealed that any person would be able to create an administrator account allowing them access to the Aadhaar database, as long as they’re invited by an existing administrator.

“The government in India will need to assess how much data was accessed by unauthorized parties, who was responsible, and now what actions should be taken to protect impacted parties,” security researcher Troy Hunt toold BuzzFeed.

For its part, India’s ruling government dismissed the reports as “fake news”, stating that the “Aadhaar data including biometric information is fully safe and secure”. Journalists accessing the database had “misused” their credentials otherwise only available to government officials, read a statement from the UIDAI.

Image credit: LIFARS archives.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

US Health Department Outlines Breach Notification Guidelines

The US Department of Health & Human Services (HHS) has clarified its requirements for entities...

Read more arrow_forward

Delta Airlines Admits to Data Breach of ‘Several Hundred Thousand' Customers

Major airline operator Delta has said that a cyberattack targeting a third-party contractor has...

Read more arrow_forward

Panera Bread Breach Could Affect Over 37 Million Customer Records

Popular bakery chain Panera Bread has been leaking millions of customer records in the for at least...

Read more arrow_forward