While UIDAI stands its ground that its security protocols for Aadhaar are tamperproof and the recent reports questioning the security are “far from the truth and intended to spread misinformation”, a recent post on Medium reveals just how easy it is to access the ‘secure’ Aadhaar data.
In the post, @Trollacharya explains how he was able to access unsecured Aadhaar databases on various state websites just “for a free lunch at Ivan Ram and to impress a girl.”
Trollacharya claims that he was able to find the Aadhaar card dump in under five minutes using a simple search query.
In order to access the data, he targeted the state portals, which he thought were an easier target. In his post, he stated:
“I started alphabetically and I hit gold at Andhra Pradesh. Took me a grand total of 5 minutes. Their website administrator had left the website’s (which I have not published here for obvious reasons) Port 80 open and unauthenticated at that. This is as easy as stealing a candy from a baby…and found roughly 8000 Aadhaar cards with name, DOB, address and other personally identifiable information which can be used by nefarious elements to get fake SIM cards, create fake bank accounts and credit cards.”
He went on to explore other state portals and was able to find Aadhaar, PAN Card and Passports uploaded on an unsecure server by Maharashtra and UP governments. As mentioned earlier, the entire process is so easy that it doesn’t require one “to be a hacker or even know anything about cybersecurity.” Trollacharya claims:
“Just a small youtube tutorial of 8 minutes will give you the knowledge and the tools to get into the unsecured databases on various state websites and get access to thousands of people’s private identification documents.”
While the UIDAI might still claim that “Aadhaar remains safe and secure and there has not been a single breach from its biometric database during the last eight years of its existence”, the only way to check if your Aadhaar data has been compromised is by viewing your Aadhaar authentication history from this link.