Rajasthan government has fixed security issues impacting its website related to Jan Aadhaar that exposed millions of residents' personal information and sensitive documents.
Jan Aadhaar is a state programme that provides a single identifier to families and individuals in Rajasthan so that they can access the welfare schemes.
Aadhaar cards, birth and marriage certificates, electricity bills, income statements, and personal information, such as date of birth, gender and father's name, were exposed by the bugs, TechCrunch reported.
The bugs were found by the cybersecurity company CloudDefense.ai security researcher Viktor Markopoulos in the Jan Aadhaar portal in December.
The bugs were resolved last week through an intervention by the Indian Computer Emergency Response Team, or CERT-In, the report mentioned.
"This is to inform you that we have received a response from the concerned authority that the reported vulnerability has been fixed,” the agency was quoted as saying.
According to the researcher, a bug allowed anyone to access personal documents and information if they knew the phone number of the registrant.
The other flaw was causing the server to improperly validate one-time passwords, which allowed sensitive data to be returned.
The state's Jan Aadhaar portal, launched in 2019, clams that it has over 78 million individual registrants and 20 million families. The portal aims to provide "One Number, One Card, One Identity" to the residents of Rajasthan which can be used to access various state government welfare schemes.
Meanwhile, researchers have uncovered a highly-sophisticated cyber-espionage campaign, 'Operation RusticWeb', which the threat actors are using to target various personnel within the Indian government to steal confidential documents.
The campaign, first detected in October 2023, uses Rust-based malware and encrypted PowerShell commands, to exfiltrate confidential documents, according to Seqrite, the enterprise arm of global cybersecurity solutions provider, Quick Heal.
Disclaimer: Information, facts or opinions expressed in this news article are presented as sourced from IANS and do not reflect views of Moneylife and hence Moneylife is not responsible or liable for the same. As a source and news provider, IANS is responsible for accuracy, completeness, suitability and validity of any information in this article.
India’s First Mass Surveillance, Mass Spying and Unending Census Case
Dr Gopal Krishna
19 January 2024
“The forthcoming census could be the first digital census in the history of India. For this monumental and milestone-marking task, I have allocated Rs3,768 crore in the year 2021-22.”
- Nirmala Sitharaman, Union finance...
MCA Leaked Personal Data of India's Richest People and Company Directors, Says Security Expert
Moneylife Digital Team
18 January 2024
Due to a vulnerability or security bug, the website of the Union ministry of corporate affairs (MCA) leaked the personal data of Ratan Tata, Mukesh Ambani, Gautam Adani, Virat Kohli, Shah Rukh Khan and lakhs of other directors of...
Activist Files Complaint with Lokayukta To Nail Illegal Expenditure from LADS Fund by Pune MLA; Gets Relief
17 January 2024
In order to appease voters of housing societies, members of legislative assembly (MLAs) and members of legislative council (MLCs) of various political parties divert their local area development scheme (LADS) funds, given by the...
People Facing Major Hurdles while Exchanging Rs2,000 Notes at Post-offices
Moneylife Digital Team
04 January 2024
Although the Reserve Bank of India (RBI) says that Rs2,000 notes continue to be a legal tender and currency and can still be exchanged, it has placed a nightmarish process to exchange notes after September. RBI announced the...