wordpress blog stats
Connect with us

Hi, what are you looking for?

Updated: Indane says it ‘does not host Aadhaar and therefore no leak’ after 5.8M Aadhaar numbers exposed on site

Update on February 20:

Indane denied the leak of any Aadhaar data, stating that its website did not host any Aadhaar numbers. The state-owned company pointed out that its software “captures only the Aadhaar number which is required for LPG subsidy transfer. No other details are captured by IndianOil. Therefore leakage of Aadhaar is not possible through us.”

Security researcher Baptiste tweeted that the Indane shut down the affected dealer portal within 3 hours of TechCrunch reporting the story. After denying the leak, the Indane website was down “for maintenance,” he tweeted.

Earlier on February 19

Indane Gas leaks Aadhaar nos, names and addresses of 5.8M customers online

Government owned gas company Indane – which has 90 million customers – leaked the Aadhaar data of 5.8 million customers’ on its dealer and distributor website. Security researcher Robert Baptiste, who goes by Elliot Alderson (fs0c131y) on Twitter, received a tip-off about the exposure from an anonymous security researcher.

Meanwhile, the UIDAI has not issued a statement towards any effect on the breach.

Advertisement. Scroll to continue reading.

Upon investigation, Baptiste found the customer data linked to 11,000 dealers, and the Aadhaar data of at least 5.8 million customers, along with their names and addresses. The information is meant to be accessible with a valid dealer username and password. However, a part of the Indane website was indexed on Google, which allowed anybody to circumvent the login page and get access to the dealer database.

Baptiste, who wrote a detailed post on his findings, claims that the total Aadhaar numbers exposed could be up to 6.7 million. Baptiste provided his findings to TechCrunch, which first reported the leak. The following in from Baptiste’s post:

By running this script, it gives us 11062 valid dealer ids. After more than 1 day, my script tested 9490 dealers and found that a total of 5,826,116 Indane customers are affected by this leak.

Unfortunately, Indane probably blocked my IP, so I didn’t test the remaining 1572 dealers. By doing some basic math we can estimate the final number of affected customers around 6,791,200

Its worth noting that Indane had faced another Aadhaar breach last year. ZDNet had reported that the breach was much wider and provided direct connection to the Aadhaar database, possibly affecting anybody with an Aadhaar card. As always, the UIDAI had denied the report, and the breach, stating that “there has been absolutely no breach of UIDAI’s Aadhaar database. Aadhaar remains safe and secure”.

Also read: Consumer contact details freely available on Bharatgas site; Privacy? (From 2015)

Advertisement. Scroll to continue reading.

Aadhaar data leaked on Jharkhand state website

The leak comes days after the Aadhaar numbers of 166,000 (1.6 lakh) government employees were leaked due to a vulnerability in a Jharkand government web system. The system had been left exposed without password protection since 2014, allowing anybody access to names, job titles, partial phones numbers, and Aadhaar numbers of the employees.

In this case as well, a subdomain of the Jharkhand government’s website was indexed on Google, and could be easily found. The subdomain contained cached copies of the site, and attendance records of government employees which also contained their Aadhaar numbers.

Last week, the Union government asked for the dismissal of an Aadhaar related petition in the Delhi HC. Filed by lawyer and professor Shamnad Basheer, the petition claimed damages due to inadequate security and multiple breaches related to Aadhaar, and asked, among other things, that all the existing Aadhaar numbers be deleted. The Centre sought dismissal of the petition on the grounds that the Supreme Court had already given a final ruling on the Aadhaar matter.

Further reading: 

Written By

I cover health, policy issues such as intermediary liability, data governance, internet shutdowns, and more. Hit me up for tips.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.


When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.


The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.


In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...


By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

You May Also Like


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ