{"id":1301211,"date":"2025-10-10T09:04:57","date_gmt":"2025-10-10T03:34:57","guid":{"rendered":"https:\/\/trak.in\/stories\/?p=1301211"},"modified":"2025-10-10T09:05:26","modified_gmt":"2025-10-10T03:35:26","slug":"sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website","status":"publish","type":"post","link":"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/","title":{"rendered":"Sensitive Info Of Taxpayers Getting Leaked From Income Tax Website"},"content":{"rendered":"\n

There was a security flaw found in the Indian government\u2019s income tax filing portal which was exposing sensitive taxpayers\u2019 data that is now fixed by the Indian government\u2019s tax authority as per a recent media report<\/a>.<\/p>\n\n\n\n

\"Sensitive<\/figure>\n\n\n\n

How Did This Happen?<\/strong><\/p>\n\n\n\n

This flaw was identified during September by a pair of security researchers, Akshay CS and \u201cViral,\u201d which allowed anyone who was logged into the income tax department\u2019s e-Filing portal to access up-to-date personal and financial data of other people.<\/p>\n\n\n\n

Moving ahead, this flaw had exposed data which included full names, home addresses, email addresses, dates of birth, phone numbers along with the bank account details of people who pay taxes on their income in India.<\/p>\n\n\n\n

Not only that, this flaw also exposed the citizens\u2019 Aadhaar number which is a unique government-issued identifier used as proof of identity and for accessing government services in India.<\/p>\n\n\n\n

As confirmed by the security researchers, the vulnerability was fixed on October 2 and it can no longer be exploited.<\/p>\n\n\n\n

So far, the representatives for the Indian Income Tax Department acknowledged the request for comment, but did not release any statement yet.<\/p>\n\n\n\n

What Was The Flaw And How Did It Granted Access to Sensitive Data?<\/strong><\/p>\n\n\n\n

It appears that the security researchers Akshay CS and \u201cViral\u201d discovered this vulnerability while filing their recent income tax return on the government website.<\/p>\n\n\n\n

As we already know, the residents of India are required to file their annual earnings to calculate the taxes they owe to the Indian government.<\/p>\n\n\n\n

In their research, they found that when they signed into the portal using their Permanent Account Number (PAN), an official document issued by the Indian income tax department, they could view anyone else\u2019s sensitive financial data by swapping out their PAN for another PAN in the network request as the web page loads.<\/p>\n\n\n\n

This was possible by using publicly available tools such as Postman or Burp Suite (or using the web browser\u2019s in-built developer tools) and with knowledge of someone else\u2019s PAN, the researchers told TechCrunch.<\/p>\n\n\n\n

They found that this bug was exploitable by anyone who was logged-in to the tax portal because the Indian income tax department\u2019s back-end servers were not properly checking who was allowed to access a person\u2019s sensitive data. <\/p>\n\n\n\n

They have classified this vulnerability as an insecure direct object reference, or IDOR which is a common and simple flaw that governments have warned is easy to exploit and can result in large-scale data breaches.<\/p>\n\n\n\n

Moving ahead, the researchers said, \u201cThis is an extremely low-hanging thing, but one that has a very severe consequence.\u201d <\/p>\n\n\n\n

Besides the individuals data, this bug also exposed data associated with companies who were registered with the e-Filing portal.<\/p>\n\n\n\n

It appears that the bug exposed data on individuals who have yet to file their income tax returns this year. <\/p>\n\n\n\n

After the discovery of this bug, the security researchers alerted India\u2019s computer emergency readiness team, or CERT-In, to the security flaw soon after their discovery, but were not provided with a timeline for the fix.<\/p>\n\n\n\n

A CERT-In representative said the Income Tax Department was already working to fix the vulnerability on September 30.<\/p>\n\n\n\n

So far, it still remains unclear how long the vulnerability has existed or whether any malicious actors have accessed the exposed data. <\/p>\n\n\n\n

Besides this, the exact number of users impacted by the exposed data is also unclear.<\/p>\n\n\n\n

When it comes to the Income Tax Department\u2019s portal, it lists more than 135 million registered users, and over 76 million users filed income tax returns in the financial year 2024-25 as per the public data available on the portal itself.<\/p>\n","protected":false},"excerpt":{"rendered":"

There was a security flaw found in the Indian government\u2019s income tax filing portal which was exposing sensitive taxpayers\u2019 data that is now fixed by the Indian government\u2019s tax authority as per a recent media report. How Did This Happen? This flaw was identified during September by a pair of security researchers, Akshay CS and […]<\/p>\n","protected":false},"author":30,"featured_media":1301218,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[21],"tags":[1195,192],"class_list":["post-1301211","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business","tag-hacking","tag-income-tax"],"acf":[],"yoast_head":"\nSensitive Info Of Taxpayers Getting Leaked From Income Tax Website - Trak.in - Indian Business of Tech, Mobile & Startups<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Sensitive Info Of Taxpayers Getting Leaked From Income Tax Website - Trak.in - Indian Business of Tech, Mobile & Startups\" \/>\n<meta property=\"og:description\" content=\"There was a security flaw found in the Indian government\u2019s income tax filing portal which was exposing sensitive taxpayers\u2019 data that is now fixed by the Indian government\u2019s tax authority as per a recent media report. How Did This Happen? This flaw was identified during September by a pair of security researchers, Akshay CS and […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/\" \/>\n<meta property=\"og:site_name\" content=\"Trak.in - Indian Business of Tech, Mobile & Startups\" \/>\n<meta property=\"article:published_time\" content=\"2025-10-10T03:34:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-10T03:35:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/trak.in\/stories\/wp-content\/uploads\/2025\/10\/Untitled-design-11-2-1280x720-1-1024x576-1-1024x576-1280x720-2.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Mohul Ghosh\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mohul Ghosh\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/\",\"url\":\"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/\",\"name\":\"Sensitive Info Of Taxpayers Getting Leaked From Income Tax Website - Trak.in - Indian Business of Tech, Mobile & Startups\",\"isPartOf\":{\"@id\":\"https:\/\/trak.in\/stories\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/trak.in\/stories\/wp-content\/uploads\/2025\/10\/Untitled-design-11-2-1280x720-1-1024x576-1-1024x576-1280x720-2.jpeg\",\"datePublished\":\"2025-10-10T03:34:57+00:00\",\"dateModified\":\"2025-10-10T03:35:26+00:00\",\"author\":{\"@id\":\"https:\/\/trak.in\/stories\/#\/schema\/person\/5092a7d2906e3f3c819643435477c2a7\"},\"breadcrumb\":{\"@id\":\"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/#primaryimage\",\"url\":\"https:\/\/trak.in\/stories\/wp-content\/uploads\/2025\/10\/Untitled-design-11-2-1280x720-1-1024x576-1-1024x576-1280x720-2.jpeg\",\"contentUrl\":\"https:\/\/trak.in\/stories\/wp-content\/uploads\/2025\/10\/Untitled-design-11-2-1280x720-1-1024x576-1-1024x576-1280x720-2.jpeg\",\"width\":1280,\"height\":720},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/trak.in\/stories\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Sensitive Info Of Taxpayers Getting Leaked From Income Tax Website\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/trak.in\/stories\/#website\",\"url\":\"https:\/\/trak.in\/stories\/\",\"name\":\"Trak.in - Indian Business of Tech, Mobile & Startups\",\"description\":\"Trak.in is a popular Indian Business, Technology, Mobile & Startup blog featuring trending News, views and analytical take on Technology, Business, Finance, Telecom, Mobile, startups & Social Media Space\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/trak.in\/stories\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/trak.in\/stories\/#\/schema\/person\/5092a7d2906e3f3c819643435477c2a7\",\"name\":\"Mohul Ghosh\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/trak.in\/stories\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/66c129d83dd3f325a3b550eb1aa16891173ddfc4686361424206cd9a01311c89?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/66c129d83dd3f325a3b550eb1aa16891173ddfc4686361424206cd9a01311c89?s=96&d=mm&r=g\",\"caption\":\"Mohul Ghosh\"},\"url\":\"https:\/\/trak.in\/stories\/author\/mohul-ghosh\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Sensitive Info Of Taxpayers Getting Leaked From Income Tax Website - Trak.in - Indian Business of Tech, Mobile & Startups","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/","og_locale":"en_US","og_type":"article","og_title":"Sensitive Info Of Taxpayers Getting Leaked From Income Tax Website - Trak.in - Indian Business of Tech, Mobile & Startups","og_description":"There was a security flaw found in the Indian government\u2019s income tax filing portal which was exposing sensitive taxpayers\u2019 data that is now fixed by the Indian government\u2019s tax authority as per a recent media report. How Did This Happen? This flaw was identified during September by a pair of security researchers, Akshay CS and […]","og_url":"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/","og_site_name":"Trak.in - Indian Business of Tech, Mobile & Startups","article_published_time":"2025-10-10T03:34:57+00:00","article_modified_time":"2025-10-10T03:35:26+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/trak.in\/stories\/wp-content\/uploads\/2025\/10\/Untitled-design-11-2-1280x720-1-1024x576-1-1024x576-1280x720-2.jpeg","type":"image\/jpeg"}],"author":"Mohul Ghosh","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Mohul Ghosh","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/","url":"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/","name":"Sensitive Info Of Taxpayers Getting Leaked From Income Tax Website - Trak.in - Indian Business of Tech, Mobile & Startups","isPartOf":{"@id":"https:\/\/trak.in\/stories\/#website"},"primaryImageOfPage":{"@id":"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/#primaryimage"},"image":{"@id":"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/#primaryimage"},"thumbnailUrl":"https:\/\/trak.in\/stories\/wp-content\/uploads\/2025\/10\/Untitled-design-11-2-1280x720-1-1024x576-1-1024x576-1280x720-2.jpeg","datePublished":"2025-10-10T03:34:57+00:00","dateModified":"2025-10-10T03:35:26+00:00","author":{"@id":"https:\/\/trak.in\/stories\/#\/schema\/person\/5092a7d2906e3f3c819643435477c2a7"},"breadcrumb":{"@id":"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/#primaryimage","url":"https:\/\/trak.in\/stories\/wp-content\/uploads\/2025\/10\/Untitled-design-11-2-1280x720-1-1024x576-1-1024x576-1280x720-2.jpeg","contentUrl":"https:\/\/trak.in\/stories\/wp-content\/uploads\/2025\/10\/Untitled-design-11-2-1280x720-1-1024x576-1-1024x576-1280x720-2.jpeg","width":1280,"height":720},{"@type":"BreadcrumbList","@id":"https:\/\/trak.in\/stories\/sensitive-info-of-taxpayers-getting-leaked-from-income-tax-website\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/trak.in\/stories\/"},{"@type":"ListItem","position":2,"name":"Sensitive Info Of Taxpayers Getting Leaked From Income Tax Website"}]},{"@type":"WebSite","@id":"https:\/\/trak.in\/stories\/#website","url":"https:\/\/trak.in\/stories\/","name":"Trak.in - Indian Business of Tech, Mobile & Startups","description":"Trak.in is a popular Indian Business, Technology, Mobile & Startup blog featuring trending News, views and analytical take on Technology, Business, Finance, Telecom, Mobile, startups & Social Media Space","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/trak.in\/stories\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/trak.in\/stories\/#\/schema\/person\/5092a7d2906e3f3c819643435477c2a7","name":"Mohul Ghosh","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/trak.in\/stories\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/66c129d83dd3f325a3b550eb1aa16891173ddfc4686361424206cd9a01311c89?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/66c129d83dd3f325a3b550eb1aa16891173ddfc4686361424206cd9a01311c89?s=96&d=mm&r=g","caption":"Mohul Ghosh"},"url":"https:\/\/trak.in\/stories\/author\/mohul-ghosh\/"}]}},"jetpack_featured_media_url":"https:\/\/trak.in\/stories\/wp-content\/uploads\/2025\/10\/Untitled-design-11-2-1280x720-1-1024x576-1-1024x576-1280x720-2.jpeg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/posts\/1301211","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/users\/30"}],"replies":[{"embeddable":true,"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/comments?post=1301211"}],"version-history":[{"count":1,"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/posts\/1301211\/revisions"}],"predecessor-version":[{"id":1301219,"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/posts\/1301211\/revisions\/1301219"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/media\/1301218"}],"wp:attachment":[{"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/media?parent=1301211"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/categories?post=1301211"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/trak.in\/stories\/wp-json\/wp\/v2\/tags?post=1301211"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}