wordpress blog stats
Connect with us

Hi, what are you looking for?

Telangana govt benefits portal with lakhs of Aadhaar details can’t stave off basic security attack

Malware

French security researcher, Baptiste Robert used a basic SQL (structured query language) injection web hacking technique to attack the Telangana government’s benefits disbursement portal called TSPost, to access account details of 56 lakh National Rural Employment Guarantee Scheme (NREGS) beneficiaries and 40 lakh Social Security Pensions (SSP) beneficiaries, including Aadhaar numbers, reports TOI.

Robert breached the application programming interface key (API key) of both the TSPost website and the database of NREGS and SSP among others. This gave him access to all data stored in the beneficiaries’ account, including Aadhaar numbers.

It’s not clear if the Telangana government has managed to address the vulnerabilities, but the TSPost site is currently offline. A spokesperson for TSPost had told the publication that they will take care of the issue by February 27 but looks like they will require more time.

Given that the Unique Identification Authority of India’s (UIDAI) own mAadhaar Android app has serious security flaws that put Aadhaar holders at risk of data, identity and monetary theft, it will be harsh to put the Telangana government to the sword.

TSPost isn’t the first and unlikely that it will be the last

  • In August last year, the Greater Ludhiana Area Development Authority (GLADA) website, a Punjab government website, published online around 20,100 Aadhaar numbers of people who had applied for low-cost housing in Ludhiana and Jagraon.
  • A month earlier, in July, the Minister of State for Electronics and Information Technology, PP Chaudhary said that “it was found that around 210 websites of Central Government, State Government Departments including educational institutes were displaying the list of beneficiaries along with their name, address, other details and Aadhaar numbers for information of general public.” He was responding to a question raised in Parliament regarding Aadhaar data leaks.

Delhi government stops Aadhaar use for PDS

Earlier this month, Delhi government decided to stop the use of point-of-sale (PoS) terminals that required Aadhaar for the Public Distribution System (PDS), after reports of widespread deprivation and difficulties in procuring rations. The government said that these difficulties had emerged because the officers in charge of implementation had not used the PoS terminals for PDS in the manner that the Cabinet had recommended. Hopefully, other state governments will take note and follow suit.

Written By

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.

Views

News

The Delhi High Court should quash the government's order to block Tanul Thakur's website in light of the Shreya Singhal verdict by the Supreme...

News

Releasing the policy is akin to putting the proverbial 'cart before the horse'.

News

The industry's growth is being weighed down by taxation and legal uncertainty.

News

Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.

News

Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.

You May Also Like

News

Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

Advert

135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...

News

Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

News

By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Name:*
Your email address:*
*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ