French researcher finds 20,000 Aadhaar cards online, UIDAI dismisses threats


(MENAFN- NewsBytes)

12 Mar 2018


French security researcher Robert Baptiste (alias Elliot Anderson) is on a privacy-checking spree. In the last few days, he claims to have exposed vulnerabilities in ISRO's and Indian Post's websites and helped them correct the issues.

Now he claims to have "found" details of over 20,000 Aadhaar card-holders in three hours.

But UIDAI has dismissed the reports as "irresponsible" and "far from truth."


How did he "find" 20,000 Aadhaar cards?


Baptiste, who operates @fs0c131y, tweeted early yesterday: "I will play a game tonight: How many #Aadhaar card I can found in 3 hours? Note: All cards must be available publicly."

He then kept posting updates about how many Aadhaar cards he had "found."

By 4:17 am, he claimed to have "found more than 20000 Aadhaar cards available publicly on the web" with "a manual search."


Publication of details doesn't mean security threatened: UIDAI clarifies


Hours later, without addressing anyone, UIDAI issued several tweets. "Aadhaar by its very nature needs to be shared openly," it said.

But "if anybody unauthorizedly publishes someone's personal information, he can be sued for civil damages by the person whose privacy is infringed."

However, it said such publication "in no way it threatens the system which has issued those IDs," such as banks or the income tax system.


When Baptiste helped ISRO, Indian Post check vulnerabilities


In recent days, Baptiste revealed that one of ISRO's computers "had been compromised by a well known Remote Access Trojan called XtremeRAT."

After ISRO contacted him, "they told me the issue is now fixed."

He also raised an issue with Indian Post's website: "One of the @IndianPostOffice subdomain was vulnerable to an Apache vulnerability aka CVE 2017-5638."

This too has been fixed, he says.
