wordpress blog stats
Connect with us

Hi, what are you looking for?

Telangana govt benefits portal with lakhs of Aadhaar details can’t stave off basic security attack


French security researcher, Baptiste Robert used a basic SQL (structured query language) injection web hacking technique to attack the Telangana government’s benefits disbursement portal called TSPost, to access account details of 56 lakh National Rural Employment Guarantee Scheme (NREGS) beneficiaries and 40 lakh Social Security Pensions (SSP) beneficiaries, including Aadhaar numbers, reports TOI.

Robert breached the application programming interface key (API key) of both the TSPost website and the database of NREGS and SSP among others. This gave him access to all data stored in the beneficiaries’ account, including Aadhaar numbers.

It’s not clear if the Telangana government has managed to address the vulnerabilities, but the TSPost site is currently offline. A spokesperson for TSPost had told the publication that they will take care of the issue by February 27 but looks like they will require more time.

Given that the Unique Identification Authority of India’s (UIDAI) own mAadhaar Android app has serious security flaws that put Aadhaar holders at risk of data, identity and monetary theft, it will be harsh to put the Telangana government to the sword.

TSPost isn’t the first and unlikely that it will be the last

  • In August last year, the Greater Ludhiana Area Development Authority (GLADA) website, a Punjab government website, published online around 20,100 Aadhaar numbers of people who had applied for low-cost housing in Ludhiana and Jagraon.
  • A month earlier, in July, the Minister of State for Electronics and Information Technology, PP Chaudhary said that “it was found that around 210 websites of Central Government, State Government Departments including educational institutes were displaying the list of beneficiaries along with their name, address, other details and Aadhaar numbers for information of general public.” He was responding to a question raised in Parliament regarding Aadhaar data leaks.

Delhi government stops Aadhaar use for PDS

Earlier this month, Delhi government decided to stop the use of point-of-sale (PoS) terminals that required Aadhaar for the Public Distribution System (PDS), after reports of widespread deprivation and difficulties in procuring rations. The government said that these difficulties had emerged because the officers in charge of implementation had not used the PoS terminals for PDS in the manner that the Cabinet had recommended. Hopefully, other state governments will take note and follow suit.

You May Also Like


Even as the government considers amending the law to require the linking of Voter IDs to Aadhaar, the Election Commission of India announced that...


The Ministry of Electronics and Information Technology (MEITY) has “no information” of who developed the CoWIN app, or how much money was spent on...


Large troves of personal and sensitive data belonging to investors on crypto-currency exchange BuyUCoin has been leaked on the dark web. The data leak...


The Supreme Court has dismissed petitions seeking review of the 2018 judgment that upheld the certification of the Aadhaar Act as a money bill,...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to Daily Newsletter

    © 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ