You are here: Home » Economy & Policy » News
Business Standard

Top LPG supplier leaked millions of Aadhaar data: Security researcher

A French researcher claimed he found a security lapse that allegedly exposed millions of Aadhaar numbers of dealers and distributors associated with Indane, an LPG brand owned by the Indian Oil

IANS  |  New Delhi 

Aadhaar

A French has claimed that he found a security lapse that allegedly exposed millions of numbers of dealers and distributors associated with Indane, an LPG brand owned by the (IOC).

Baptiste Robert, who goes by the online handle and has exposed leaks in the past, wrote in a blog post on Medium late Monday that the data of nearly 6.7 million dealers and distributors of Indane, accessible only with a valid username and password, was left exposed.

"Due to a lack of authentication in the local dealers portal, is leaking the names, addresses and the Aadhaar numbers of their customers," said Alderson.

Using a custom-built script to scrape the database, Alderson found customer data for nearly 11,000 dealers, including names and addresses of customers, before his IP was blocked by

"I wrote the python script. By running this script, it gives us 11062 valid ids. After more than 1 day, my script tested 9,490 dealers and found that a total of 5,826,116 customers are affected by this leak," he wrote.

The French researchers found 5.8 million Indane customer records before his script was blocked.

"Unfortunately, Indane probably blocked my IP, so I didn't test the remaining 1,572 dealers. By doing some basic math we can estimate the final number of affected customers around 6,791,200," Alderson added.

Indane and the (UIDAI) were yet to comment on this data leak.

 

(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)

First Published: Tue, February 19 2019. 10:24 IST
RECOMMENDED FOR YOU