Unprotected MongoDB Database Contains 275 Million Records of Indian Citizens
Published on May 9, 2019
A web system that was responsible for storing attendance data of hundreds of thousands of workers in Jharkhand, India suffered a data breach exposing Aadhaar details as reported by TechCrunch. The Aadhaar card is used in India as a private national identification number for its citizen, and it also contains other private information. While the data was not stolen from the Unique Identification Authority of India (UIDAI), the organization responsible for managing the card data it is still a major security concern due to the negligence of the Jharkhand government.
The breach was caused due to the Jharkhand government not keeping the Aadhaar data secured. The website containing the data was accessible through a subdomain that was indexed by Google. It was not only the identification details that was stolen, but also attendance record of employees. Security researcher Baptiste Robert was able to scrape the website for private data using less than hundred lines of Python code.
In 2018, the UIDAI claimed that the Aadhaar database was impenetrable despite a number of security incidents being uncovered. The organization is known for ignoring security incidents and classifying them as fake news. Last year, utility company Indane had direct access to the Aadhaar database allowing them to collect any citizen’s data if they wanted to. However, the reports were played down by the UIDAI stating it was simply not true.
Citizens have protested against the usage of the Aadhaar card for months, but the Supreme Court of India has declared it to be a part of the constitution which means that the card is not going anywhere. It remains to be seen if UIDAI takes the issue seriously and lays down strict guidelines to protect private data of Indian citizens.
What do you think about the Aadhaar data breach? Let us know in the comments below and share your thoughts with our socials community on Facebook and Twitter.