January 4, 2018 | By Sikh Siyasat Bureau
Chandigarh: An investigative report published in Thursday edition of a daily English vernacular The Tribune, has bulldozed the tall claims made by both the Central government and Unique Identification Authority of India (UIDAI) that ” the Aadhaar data and details of billions of Indian citizens are safe as well as secure”.
Last November the UIDAI had asserted that all the data and information of Aadhaar Card is completely secure and safe from misuse. But after a service was ‘purchased’ by the media sources from a anonymous sellers over WhatsApp that provided unrestricted access to details for any of the more than 1 billion Aadhaar numbers created in India thus far, these tall claims fell flat.
It took just Rs 500, paid through Paytm, and 10 minutes in which an “agent” of the group running the racket created a “gateway” for this correspondent and gave a login ID and password. Lo and behold, you could enter any Aadhaar number in the portal, and instantly get all particulars that an individual may have submitted to the UIDAI (Unique Identification Authority of India), including name, address, postal code (PIN), photo, phone number and email.
According to the report:
It took just Rs 500, paid through Paytm, and 10 minutes in which an “agent” of the group running the racket created a “gateway” for this correspondent and gave a login ID and password. Lo and behold, you could enter any Aadhaar number in the portal, and instantly get all particulars that an individual may have submitted to the UIDAI (Unique Identification Authority of India), including name, address, postal code (PIN), photo, phone number and email.
What is more, The Tribune team paid another Rs 300, for which the agent provided “software” that could facilitate the printing of the Aadhaar card after entering the Aadhaar number of any individual.
Further, it was reported by the media sources that after paying additional Rs 300, the agent provided “software” that could facilitate the printing of the Aadhaar card after entering the Aadhaar number of any individual.
The report gives a run down on how this data breach was unearthed.
A quick chat, and full access
12:30 pm: This correspondent posing as ‘Anamika’ contacted a person on WhatsApp number 7610063464, who introduced himself as ‘Anil Kumar’. He was asked to create an access portal.
12:32pm: Kumar asked for a name, email ID and mobile number, and also asked for Rs 500 to be credited in his Paytm No. 7610063464.
12:35 pm: This correspondent created an email ID, [email protected], and sent mobile number ******5852 to the anonymous agent.
12:48 pm: Rs 500 transferred through Paytm.
12:49 pm: This correspondent received an email saying, “You have been enrolled as Enrolment Agency Administrator for ‘CSC SPV’. Your Enrolment Agency Administrator ID is ‘Anamika_6677’.” Also, it was said that a password would be sent in a separate mail, which followed shortly.
12:50 pm: This correspondent had access to the Aadhaar details of every Indian citizen registered with the UIDAI.
Printing Aadhaar card
This correspondent later again approached Anil Kumar to ask for software to print Aadhaar cards. He asked for Rs 300 through Paytm No. 8107888008 (in the name of ‘Raj’). Once paid, a person identifying himself as Sunil Kumar called from mobile number 7976243548, and installed software on this correspondent’s computer by accessing it remotely through “TeamViewer”. Once the job was done, he deleted the software drivers, even from the recycle bin.
When the officials of UIDAI in Chandigarh were confronted by the media persons they expressed their utter shock over the full data being accessed, and admitted it seemed to be a major national security breach. They immediately took up the matter with the UIDAI technical consultants in Bangaluru.
While interacting with The Tribune (TT) Sanjay Jindal, Additional Director-General, UIDAI Regional Centre, Chandigarh, accepting that this was a lapse, “Except the Director-General and I, no third person in Punjab should have a login access to our official portal. Anyone else having access is illegal, and is a major national security breach,” he added.
This is not the first time that the sensitive information of Aadhaar Card of individual citizens have been compromised. In April 2017 the Aadhaar details of hundreds of pension beneficiaries got leaked on the official website of the ePDS (Public Distribution System) and other officials websites of the government of Jharkhand. Soon it was followed by Aadhaar data leak on the official website of the department of welfare of scheduled castes, backward classes and minority, of the Punjab government in the subsequent month.
The report further revealed that those Common Service Centres Scheme (CSCS) who were initially entrusted with the task of making Aadhaar cards across India, were rendered idle after the job was withdrawn from them. The service was restricted to post offices and designated banks to avoid any security breach in November last year.
Spotting an opportunity to make a quick buck, more than one lakh VLEs are now suspected to have gained this illegal access to UIDAI data to provide “Aadhaar services” to common people for a charge, including the printing of Aadhaar cards. However, in wrong hands, this access could provide an opportunity for gross misuse of the data.
(1) Save Our WhatsApp Number 0091-855-606-7689 to your phone contacts; and
(2) Send us Your Name via WhatsApp. Click Here to Send WhatsApp Message Now.
Related Topics: Aadhaar Card, Adhaar Data Leak, Indian Politics, Indian State