Aadhaar Security A Big Joke? 13 Cr Aadhaar Numbers & 10 Cr Bank Accounts Linked With Aadhaar Leaked!

Centre for Internet & Society (India), a leading Bangalore-based think tank on multidisciplinary research and advocacy has revealed that more than 13 crore Aadhaar numbers and 10 crore bank accounts linked with Aadhaar have been leaked online, available for anyone and everyone to exploit.

This massive revelation was exposed via a detailed report titled ‘Information Security Practices of Aadhaar (or lack thereof): A documentation of the public availability of Aadhaar numbers with sensitive personal financial information’, and is based on an exhaustive investigation of four Govt. portals, linked with social welfare.

The report, co-authored by Amber Sinha and Srinivas Kodali says, “Based on the numbers available on the websites looked at, the estimated number of Aadhaar numbers leaked through these four portals could be around 130-135 million and the number of bank account numbers leaked at around 100 million from the specific portals we looked at..”

Aadhaar Security Exposed – Massive Data Leaks With Proof

In order to find out the level of Aadhaar data exposure and leak, CIS focussed on major Govt. projects, for which the beneficiaries need to provide Aadhaar details for money transfers and payments.

The four Govt. portals which were investigated by CIS are:

• National Social Assistance Programme (NSAP)’s dashboard
• National Rural Employment Guarantee Act’s (NREGA) portal
• Andhra Pradesh’s own NREGA portal
• Andhra Govt’s scheme “Chandranna Bima”

As showcased in the report via screenshots, and as observed by us by visiting these portals, the exact names, bank account numbers, phone numbers and in some cases, the amount of money transferred is clearly out in public domain.

The report mentions the fact that the amount of transparency shown by the respective Govt. portals is appreciated, and laudable, but the fact that these sensitive databases is out there in the open, readily available to be downloaded as spreadsheets make the whole purpose a big joke, a serious error from the Govt.

UIDAI Is Silent on Data Leak

As of now, UIDAI, the parent organisation behind Aadhaar Card platform is silent on the case. There has been no comment or reaction from them on this issue.

The report has observed that some of the links as shown by them as exposed are slowly being masked, but is that enough? If a hacker has been targeting these databases, then they would have been successful, and even if the masking is done, anyone with a decent coding knowledge can again hack them and download the entire database.

The report said, “While the UIDAI (Unique Identification Authority of India) has been involved in proactively pushing for other databases to get seeded with Aadhaar numbers, they take little responsibility in ensuring the security and privacy of such data,”

We had earlier reported a leakage of 1 million Aadhaar related data by Jharkhand Govt. website last month; and even Govt. has admitted that Aadhaar data leak is happening.

But, when will this stop? When will Govt. and UIDAI become serious and take the issue of Aadhaar data as severely important and stop the data leak?

Is Aadhaar security a big joke? Do let us know by commenting right here.