Jharkhand Government Reportedly Exposed Details of Thousands of Workers.
According to a report by TechCrunch, the Web-based attendance system of the Jharkhand government has been left unprotected at least as so many back as 2014. It offered details like government employee name, their image, designation, phone numbers, and also the Aadhaar number. The Aadhaar numbers weren’t directly listed on the webpage, however, the website was fetching the image of the employees by sending their Aadhaar number, that is clearly visible within the URL of the image link.
The report adds that the attendance system was hosted on a sub-domain of the official website of the Jharkhand government and the same was even indexed in Google, creating its unexpected discovery rare possible for anyone. The cache pages of the individual government worker group action records are often simply found within the search giant’s index. Further, anyone with even the essential data of coding might scrape the complete website very simply, the report claimed to cite a security researcher. Over a 100000, Aadhaar numbers are said to have been left unprotected.
Although the most recent leak is not directly associated with the Unique Identification Authority of India (UIDAI), the agency that manages Aadhaar infrastructure within the country, it shows, however, the Aadhaar information will become so simply vulnerable even when in hands of alternative governmental agencies. Also, the mere leak of Aadhaar numbers does not appear very alarming, however, such a database has the potential of getting used by malicious parties for social engineering hacks.