
Rajasthan Government’s Jan Aadhaar Portal Exposed Sensitive Documents and Personal Information
In a recent development, the Indian state government of Rajasthan has fixed security issues impacting its website related to the Jan Aadhaar program. This program aims to provide a single identifier to families and individuals in the state to access welfare schemes. However, the bugs exposed sensitive documents and personal information of millions of residents.
The Bugs: A Threat to Millions
The bugs existed on the Rajasthan government’s Jan Aadhaar website. They exposed copies of Aadhaar cards, birth and marriage certificates, electricity bills, and income statements related to registrants, as well as personal information such as their date of birth, gender, and father’s name.
How the Bugs Were Found
Security researcher Viktor Markopoulos, working for cybersecurity company CloudDefense.ai, found the bugs in the Jan Aadhaar portal in December. He reached out to TechCrunch for help in disclosing the issue to the authorities. The bugs were fixed last week through an intervention by the Indian Computer Emergency Response Team (CERT-In).
The Two Critical Bugs
One of the bugs allowed anyone to access personal documents and information with knowledge of a registrant’s phone number. This was a significant security vulnerability, as it exposed sensitive information without any authentication or authorization process.
The other bug caused the server to return sensitive data because it was not properly checking the validity of one-time passwords (OTPs). OTPs are a crucial security measure that helps protect user accounts from unauthorized access. Because of this bug, registrants’ sensitive information could be compromised even though OTPs were in use.
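The two server-side checks whose absence is described above, sketched as an added example written for this page (it is not the portal's code, which is not public). The class and method names, the 5-minute OTP lifetime, the attempt limit and the document store are all assumptions made for illustration.

```python
import hmac
import secrets
import time

OTP_TTL = 300      # seconds an OTP stays valid (assumed policy)
MAX_ATTEMPTS = 5   # wrong guesses allowed before the OTP is discarded (assumed)


class OtpGate:
    """Hypothetical server-side OTP state; the client never decides the outcome."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}   # phone -> [otp, expires_at, attempts_left]
        self._sessions = {}  # session token -> phone number it was verified for

    def issue(self, phone):
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[phone] = [otp, self._clock() + OTP_TTL, MAX_ATTEMPTS]
        return otp  # sent by SMS in a real system, never echoed in the response

    def verify(self, phone, submitted):
        """Return a session token only for a live, matching, unused OTP."""
        entry = self._pending.get(phone)
        if entry is None:
            return None
        otp, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[phone]
            return None
        if not hmac.compare_digest(otp.encode(), str(submitted).encode()):
            entry[2] -= 1  # count the failure so guessing is bounded
            return None
        del self._pending[phone]  # single use
        token = secrets.token_urlsafe(32)
        self._sessions[token] = phone
        return token

    def fetch_documents(self, token, phone, store):
        """Release records only to the session that verified this phone."""
        verified = self._sessions.get(token)
        # A phone number in the request is an identifier, not a credential.
        if verified is None or verified != phone:
            raise PermissionError("session not verified for this registrant")
        return store.get(phone, [])
```

The point of `fetch_documents` is that the OTP result lives in server state tied to one phone number, so a request cannot skip the check or reuse a session for another registrant.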
The Impact: Millions Affected
The state’s Jan Aadhaar portal has more than 78 million individual registrants and 20 million families. This means that millions of residents were at risk due to the security vulnerabilities on the website.
Why It Matters: The Importance of Website Security
Website security is a critical aspect of any online platform, especially when it comes to sensitive information like Aadhaar numbers and fingerprints. The Rajasthan government’s failure to address these issues in a timely manner exposed millions of residents to potential identity theft and other malicious activities.
The Response: CERT-In Steps In
TechCrunch reached out to the Rajasthan government’s Jan Aadhaar Authority on December 22, but did not receive a response. Subsequently, TechCrunch shared the details of the bugs with CERT-In, which confirmed that the bugs had been fixed.
CERT-In is the nodal agency responsible for coordinating and responding to computer security incidents in India. Their intervention ensured that the issue was addressed promptly and effectively.
The Fix: A Lesson Learned
While the fix has been implemented, this incident highlights the importance of regular security audits and updates on government websites. It also underscores the need for timely action when security vulnerabilities are identified.
In an era where online security is paramount, it is essential that governments prioritize website security to protect citizens’ sensitive information.
Related Developments
The Rajasthan government’s Jan Aadhaar portal was launched in 2019 with the aim of providing a single identifier to families and individuals in the state for accessing state government welfare schemes. This contrasts with the regular Aadhaar card, which is available for enrollment to eligible individuals across India and is provided by the central government-backed Unique Identification Authority of India (UIDAI).
Conclusion
The recent fix on the Rajasthan government’s website related to Jan Aadhaar is a welcome development. However, this incident serves as a reminder of the importance of website security in protecting sensitive information.
In an era where online threats are increasingly prevalent, it is essential that governments prioritize website security and take timely action when vulnerabilities are identified.
About the Author:
Jagmeet Singh is a reporter at TechCrunch, covering startups, tech policy-related updates, and other major tech-centric developments from India.