New Delhi: A security lapse on the part of state-run gas company Indane has potentially exposed millions of Aadhaar numbers, according to an analysis by French cyber researcher Baptiste Robert.
On Tuesday morning, Baptiste, who goes by the online handle Elliot Alderson, posted that Indane had left exposed a part of its website that was meant for dealers and distributors.
“Using a custom-built script to scrape the database, he found customer data for 11,000 dealers, including names and addresses of customers, as well as the customers’ confidential Aadhaar number hidden in the link of each record,” a TechCrunch report noted.
“Robert, who explained more about his findings in a blog post, found 5.8 million Indane customer records before his script was blocked. In all, Robert estimated the total number affected could surpass 6.7 million customers,” the report added.
In a tweet put out on Tuesday afternoon, Indian Oil denied Robert’s allegations, noting that were was “no leak of Aadhaar data”
— Indian Oil Corp Ltd (@IndianOilcl) February 19, 2019
However, Robert noted that due to a “lack of authentication in the local dealers portal”, a total number of affected customers is around “67,91,200”.
The latest security incident comes after a wave of similar such situations over the last two years.
While Aadhaar numbers aren’t classified as “secret information”, as per provisions of the Aadhaar Act, they are not supposed to be published publicly.