Wait, What? Entire Aadhaar Database of 1 Billion Indians Now Available For Rs 500!
Inspite of Government's assurances to the contrary, Aadhaar database is sill being hacked and exploited.
Time and again, Indian Govt. has reasserted the fact that Aadhaar system is completely safe, and there is no possibility of any data breach.
World Bank has lauded Aadhaar initiatives by Indian Govt. and has declared it as World’s most sophisticated ID program.
No doubt Govt. has created rules and regulations against misusing Aadhaar data, and even provisioned heavy penalty for that.
But, the reality is, Aadhaar breach is still happening and has become even easier.
In a shocking sting operation, The Tribune newspaper has revealed how the entire Aadhaar database – which is 1 billion Indian citizens private data, is now available for mere Rs 500, and it takes just 10 minutes to get access to it.
But the worst is not over – By paying just Rs 300 more, you can also get a software, which can print out Aadhaar card of any Indian citizen you wish.
This is a privacy nightmare, and Govt. will have to respond.
The Sting Operation: Aadhaar Breach
Tribune correspondent posed as Anamika, and contacted a Whatsapp number: 7610063464 to buy Aadhaar database. The person on the other end identified himself as Anil Kumar, and asked her to create an email id, and gave her a Paytm number to send Rs 500.
Exactly after 10 minutes, the Tribune correspondent received an email: “You have been enrolled as Enrolment Agency Administrator for ‘CSC SPV’. Your Enrolment Agency Administrator ID is ‘Anamika_6677’.”
After the password arrived in a separate email, she was able to access billions of Aadhaar database, from her computer.
After she gave another Rs 300, the guy called Anil Kumar accessed her computer via Team Viewer and installed the software which can print those Aadhaar cards as well.
So much for ‘complete security of Aadhaar database’!
Sanjay Jindal, Additional Director-General, UIDAI Regional Centre, Chandigarh, has admitted this security lapse, and said,
“Except the Director-General and I, no third person in Punjab should have a login access to our official portal. Anyone else having access is illegal, and is a major national security breach.”
How Did This Breach Happen?
No, this data breach wasn’t a hack and no data was stolen.
The culprits here are exploiting access rights of over 3 lakh village-level enterprise (VLE) operators.
During initial days of Aadhaar enrollment, Ministry of Electronics and Information Technology (ME&IT) had hired around 3 lakh VLEs under the Common Service Centres Scheme (CSCS) for enrolling citizens into Aadhaar.
Now, in the month of April last year, such initiatives were banned, and only post offices and bank premises were allowed to be used for Aadhaar enrollment.
These lakhs of VLEs suddenly became jobless, and in order to get some additional income, they started offering ‘Aadhaar services’ to edit or modify details of others.
But, some of them crossed the line and started offering full access to Aadhaar database, using their IDs and passwords.
The correspondent from Tribune received the ID and password of one such VLE from Rajasthan, as the URL in the software pointed to “aadhaar.rajasthan.gov.in” for printing the Aadhaar cards.
This is a major security lapse, as UIDAI should have terminated all such VLEs access from the UIDAI database.
It would be really interesting to observe how Govt. reacts now, and what steps would be taken to stop this menace.
Till then, all we can do is pray that our Aadhaar data is not compromised.
Do let us know your views by commenting right here!