PM Kisan Website, an Indian government portal designed for the welfare of the agriculture sector, has leaked a large number of farmers’ Aadhaar data. Security researcher Atul Nair found the issue and reported it in a blog post.
The website lacks authorization at the endpoint. So, an attacker can write a basic script to gather Aadhaar data from the website. After finding the issue, Atul reported it to CERT-In and the issue was later fixed. Atul found and responsibly reported the issue. It is not confirmed if the data was fetched by any other person.
Also see: How to Download e-Aadhar Card
Pradhan Mantri Kisan Samman Nidhi or PM-Kisan is a government initiative that gives farmers a minimum support income of Rs 6,000 per year. The website uses Aadhaar data for registration and then for direct benefit transfer in bank accounts. The website has more than 110 million farmers registered and this leak could affect all registered farmers.
There have been several incidents when government websites have leaked citizens’ Aadhaar data. Although the Aadhaar number is not secretive by nature, it could leave details like address, bank details, and others.
