UIDAI always claim that Aadhaar system is completely safe and users should not worry about their data and privacy. Indian Government wants people to link everything to Aadhaar. Recently, it started the process of linking Aadhaar to Mobile Number. But the reality is shocking.
We just came across a shocking news for Indian people and Government. As per a report published in The Tribune newspaper, entire Aadhaar database is now available for just Rs. 500. The data is of over 1 billion Indian citizens including every single detail. If you pay just Rs. 300 more, you will get the software that can even take print out of Aadhaar card of any person you wish.
Up to 35% off on printersGet big discounts on printers
Also see: Download e-Aadhaar
Tribune correspondent got access to the whole database through a web-based search portal and she also gave another Rs. 3000 to get the Aadhaar printing software.
Before you make any conclusion, you should know that the data was not hacked from UIDAI server. People behind this software and service exploited access rights of over 3 lakh village-level enterprise (VLE) operators. The VLEs were hired during initial days of Aadhaar enrollment for enrolling citizens into Aadhaar.
VLEs were banned last year in April and only post offices and bank premises are now allowed to be used for Aadhaar enrollment. After becoming jobless, some of VLE operators went ahead and started offering full access to Aadhaar database, using their IDs and passwords for quick money
The correspondent from Tribune received the user ID and password of one such VLE from Rajasthan and the access URL pointed to “aadhaar.rajasthan.gov.in” for Aadhaar printing.
It is surprising to see that UIDAI banned VLEs but never blocked their access. This is a major security lapse and UIDAI should block all such accounts immediately from accessing the servers.
UIDAI has confirmed that there was no access to biometric data. So, just personal information was accessed. If this is the case, the risk is low. As your personal information including phone number and address is already available on lots of websites you use. Without Biometric data, no one can misuse your details. But it can be used for marketing purpose and social engineering.
What do you think about this? Let us know your thoughts in the comments.