Aadhaar Data of Farmers Exposed by a Government Website: Researcher

Aadhaar data of a large number of farmers was leaked by a government website designed for the welfare of the agriculture sector in India, a security researcher has reported. The website, called PM Kisan, allows the government to distribute grants to farmers under the Pradhan Mantri Kisan Samman Nidhi programme. However, due to an issue, one of its parts was publicly exposing Aadhaar numbers of enrolled farmers. The website has registered over 110 million farmers since its launch in 2019.

Security researcher Atul Nair said in a post on Medium that a part of the PM Kisan website was leaking the Aadhaar number of its registered farmers.

“The website provides an endpoint, which returns information about the beneficiary. This endpoint was also sending Aadhaar numbers,” Nair told Gadgets 360.

The issue was first spotted by the researcher in late January and was reported by India’s Computer Emergency Response Team (CERT-In). Shortly after receiving the report, the nodal agency forwarded the details to the concerned authorities. They, however, apparently took some months to fix the exposure.

Nair wrote in his post that the issue was fixed in late May. He told Gadgets 360 that he had confirmed that the issue was no longer reproducible.

However, it is not confirmed whether an attacker was able to breach the data until it got fixed.

CERT-In appreciated the researcher for reporting the issue, though it did not explicitly confirm the fix or whether the data was not breached.

Gadgets 360 has reached out to the National Informatics Centre (NIC) — the developer and maintainer of the PM Kisan website. This article will be updated when the department responds.

Aadhaar numbers of individuals in the country are not of confidential nature, per the Unique Identification Authority of India (UIDAI) — the statutory authority that is mandated to issue the 12-digit uniquely identified numbers. Nevertheless, it does restrict users from sharing Aadhaar cards on public platforms.

This is notably not the first time when the Aadhaar data of individuals was exposed by a government website. In 2019, the Jharkhand government reportedly exposed the unique identification numbers of its thousands of workers.

A few days later, state-owned liquid petroleum gas (LPG) manufacturer Indane had also allegedly exposed Aadhaar details of millions of its consumers.


For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TheDailyCheck is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected] The content will be deleted within 24 hours.