India’s national identity database hacked

In News

India’s central biometric database, which holds data of more than one billion citizens, has apparently been breached by hackers and this Aadhaar breach has compromised personal data of over one billion Indian citizens which is apparently on sale for less than $8.

According to an investigation by India’s Tribune newspaper, the Aadhaar biometric database has been compromised, with hackers installing a gateway into the database and selling access to personal identity data for as little as 500 rupees ($7.89). Journalists for the Tribune were able to buy personal data via WhatsApp.

The Unique Identification Authority of India (UIDAI), which is responsible for Aadhaar, has denied that sensitive data has been hacked, but the Tribune investigation by was able to purchase users data.
The illicit portal into the database enables a user to enter the unique Aadhaar user ID, and access addresses, post codes, photos, phone numbers, and email addresses. For a 300 rupee ($4.70) fee, hackers will also provide software to allow a victim’s Aadhaar card to be printed.

A follow-up report by Indian news website The Quint, has suggested that Aadhaar has a security flaw, which allows anyone with administrator access to the database to also grant administrator privileges to any other person, a process which can be repeated over and over. This would give those newly appointed with administration privileges access to the identifying data including names, addresses, dates of birth, parents’ names, gender, mobile numbers, language, but not the biometric data.

Aadhaar holds biometric data including fingerprints and iris scans. The UIDAI said that the biometric information and other sensitive data has not been compromised, but that it has filed a police complaint.

Comments

You may also read!

ESET named a Strong Performer by Forrester

Forrester named ESET as the “Strong Performer” in The Forrester Wave: Endpoint Detection And Response, Q3 2018, report. The

Read More...

Dell EMC unveils its Integrated Data Protection Appliance

Dell EMC unveiled its latest Integrated Data Protection Appliance (IDPA), the Dell EMC IDPA DP4400, providing simple and powerful

Read More...

Mimecast Acquires Ataata

Leading email and data security company, Mimecast announced it has acquired Ataata, a cyber security training and awareness platform

Read More...

Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu