Aadhaar Data Leak by Indane Gas Company | 6.7 Million Customers Affected
French security researcher, Elliot Alderson, who exposed Aadhaar data leak in the past, has found that Aadhaar data of 6.7 million dealers and distributors have been leaked. This time the aadhaar data leak involve the Indian Oil Corporation owned gas agency Indane. The leak has put Aadhaar number of 6.7 million people at stake. Elliot mentioned that the Aadhaar data of nearly 6.7 million dealers and distributors of Indane, accessible only with a valid username and password, was left exposed.
“Due to a lack of authentication in the local dealers portal, Indane is leaking the names, addresses and the Aadhaar numbers of their customers,” said Alderson.
— Elliot Alderson (@fs0c131y) February 19, 2019
According to a report from TechCrunch, Indane Gas has apparently leaked the data of around 6.7 million subscribers through its website and app. The leak was discovered by an anonymous security researcher and was informed to Elliot Anderson (Robert Baptiste). Anderson has been investigating several leaks regarding the Aadhaar system for quite some time and is known to expose some of the biggest Aadhaar data leak last year. Indane has around 90 million total customers across India.
“I wrote the python script. By running this script, it gives us 11062 valid dealer ids. After more than 1 day, my script tested 9,490 dealers and found that a total of 5,826,116 Indane customers are affected by this leak,” he wrote in a blog post. “Unfortunately, Indane probably blocked my IP, so I didn’t test the remaining 1,572 dealers. By doing some basic math we can estimate the final number of affected customers around 6,791,200,” Alderson added.
Well this is the second time that Aadhaar Data Leak had surfaced putting at stake the personal details of 6.7 million customers. The details available, for anyone looking in the right place, included Aadhaar numbers, names, job titles, email IDs and partial phone numbers. So far, UIDAI hasn’t given out an official statement regarding the alleged leak reported by TechCrunch and Anderson. However, this proves once again that UIDAI’s system isn’t as secure as the agency assures from time-to-time.