The UIDAI portal, which could only be accessed by admins of the Aadhaar database, is currently down following reports of the data breach on the portal. Typing the URL ‘portal.uidai.gov.in‘ on your browser returns the message — ‘This site can’t be reached’.
According to a report in the Tribune, a journalist from the paper was able to purchase unrestricted access to the Aadhaar database for as little as Rs 500. For the price, the journalist was made an Enrollment Agency Administrator for CSC SPV, apparently without any checks. Using the provided administrator login id, the journalist could log into the UIDAI portal and get unrestricted access. The portal has been allegedly down since the day the report was published.
This access allowed the journalist to get details of Name, Address, PIN code, photo, phone number and email. For another Rs 300, the Tribune team was given software for printing an Aadhaar card, after entering the Aadhaar number for anyone.
Twitter users had purportedly figured out a way to circumvent this issue and access the portal by using the portal’s IP address instead of the full URL. The method no longer seems to work, yet it is unclear if it was patched out by UIDAI itself.
— Nemo (@captn3m0) January 9, 2018
UIDAI firewalls 5,000 officials
On Tuesday, it was reported that the Unique Identification Authority of India (UIDAI) had restricted the access of about 5,000 officials to the Aadhaar portal after the January 4 Tribune report.
The Economic Times reported, “All the privileges given to designated officers for access have been immediately withdrawn,” said a top government official who didn’t want to be named. UIDAI has overhauled its system to enable access only by entering the biometrics of the person whose details were sought to be verified.
Under the earlier system, state governments had authorized certain officials — both government and private operators — to have access to the database. Economic Times quotes the anonymous official saying that the system previously allowed a designated officer to view the demographic details of an Aadhaar holder such as name, address, date of birth, etc, by entering the 12-digit unique identity number, so that changes could be made easily. UIDAI gets over 500,000 daily requests for changes, he said.
Going forward, access needs to be authenticated by the fingerprint of the Aadhaar holder and the data available will be restricted to that person. “It may inconvenience some people who wanted speedy access to their details, but the move is expected to prevent future breaches,” the official said.