New Aadhaar data leak exposes 11 crore Indian farmers’ sensitive info

New Delhi: Due to a flaw in the government of India website, the Aadhaar data of millions of Indian farmers was leaked online. According to a study by security researcher Atul Nair, a section of the Indian government's Pradhan Mantri Kisan Samman Nidhi website was exposing Aadhaar-related information about farmers who were benefiting from the scheme.

The government's Pradhan Mantri Kisan Samman Nidhi initiative aims to offer a minimum basic income to all farmers in the country. Farmers receive up to Rs 6,000 per year in minimum income support under this scheme, which is given on an annual basis. Read More: THIS LIC policy fetches Rs 4 lakh return by just investing Rs 30 everyday

A part of the initiative's website, according to the security researcher, was returning farmers' Aadhaar numbers. "A dashboard feature on the PM Kisan website allows you to view various charts and data. In a blog post, he claimed, "An endpoint in the dashboard was leaking Aadhaar numbers of all the farmers based on area (state, district, village)." Read More: New wage code from July 1: 12 hours work-week, changes in Leaves, reduced in-hand salary, higher PF for employees

According to Nair, this bug might have allowed attackers to acquire all of the data belonging to the scheme's farmers by running a simple script, exposing the personal information of millions of farmers online. More than 11 crore farmers have enrolled on the Pradhan Mantri Kisan Samman Nidhi website as of now. As a result, attackers may have had easy access to the personal information of over 110 million farmers.

This is noteworthy because it is not something that has happened for the first time. According to Nair's blog post, he originally spotted the problem in January of this year and reported it to India's Computer Emergency Response Team, or CERT-In. Last month, the problem was eventually fixed.

It's worth mentioning that this isn't the first time that Indian residents' Aadhaar numbers have been leaked on the internet. Security experts have identified multiple incidents in which Aadhaar-linked databases have been left exposed online in recent years.

In 2019, a glitch in a section of the website of the state-owned gas company Indane leaked Aadhaar data for dealers and distributors, exposing consumer Aadhaar details online. Before his code was stopped by the government, French security researcher Robert Baptise, who goes by the handle Elliot Anderson on Twitter, claimed to have discovered Aadhaar details for about 5.8 million Indane clients.

In the same year, a web system used in Jharkhand to track government workers' attendance was left vulnerable online. Anyone with a basic computer could have readily accessed the names, job titles, and partial phone numbers of the state's nearly 166,000 government employees.