Indian Oil’s Indane Leaks 67 Lakh Aadhaar Data Numbers, Confidential Data Of Customers
This Indane's 2nd major data leak
Yet another massive Aadhaar data leak has been reported, and this time, confidential data of 67 lakh Indane customers are at stake now.
Who found this leak? And what has Indane done to stop this?
Keep reading to find out more!
Indane Leaks Aadhaar Data Of Millions
Owned by Indian Oil Corporation, brand Indane is world’s 2nd largest LPG marketer. Founded in 1965, Indane serves 9 crore customers, via 9100 distributors.
It is said that every 2nd LPG connection in India belongs to Indane.
But now, this massive database of Indane customers have been breached, and data exposed.
French security researcher named Baptiste Robert, who reports data breaches via Twitter identity Elliot Alderson, has said that he was able to access 6.7 million Aadhaar records, which were present in the database of Indane.
Govt. had mandated Aadhaar linking with gas connections, to avail subsidy, and this is why Aadhaar leak also led Elliot to access Indane customer’s database.
Which Data Was Exposed?
As per Elliot, the Indane database exposed had these datasets:
– The hyperlink associated to the “Consumer No” contains a parameter called “aadhar_no”
– The “Consumer Name”
– The “Consumer Address”
– On the bottom right we have the “Total Records”
– In the url, there is a parameter called dealerID
The data was extracted using a custom script developed by Elliot, and before servers at Indane blocked his IP, he had accessed:
- 11062 valid dealer ids.
- Data of 5,826,116 Indane customers
- Total of 6,791,200 customers’ data was most probably exposed
Elliot found this expose on February 10th, and on February 15th, he informed Indane about this.
When no response came, he reported this to TechCrunch and other media outlets.
There has been no response from Indane on this data leak yet.
Elliot was able to access the data both from the Indane website, and from the Indane app, which proves that Indane didn’t take the security of their Aadhaar-linked database seriously, and left open a serious vulnerability which can cause harm to their customers.
We will keep you updated, as more details come in.
Other Aadhaar leaks which we covered: