A French researcher has found a security lapse that allegedly exposed millions of Aadhaar numbers of dealers and distributors associated with Indane, an LPG brand owned by the Indian Oil Corporation (IOC).
Baptiste Robert, who goes by the online handle Elliot Alderson and has exposed Aadhaar leaks in the past, wrote in a blog post on Medium late Monday that the Aadhaar data of nearly 6.7 million dealers and distributors of Indane, accessible only with a valid username and password, was left exposed.
“Due to a lack of authentication in the local dealers portal, Indane is leaking the names, addresses and the Aadhaar numbers of their customers,” said Alderson. By running this content, it gives us 11062 substantial merchant ids. After over 1 day, my content tried 9,490 merchants and found that a sum of 5,826,116 Indane clients are influenced by this hole,” he composed.
The French analysts found 5.8 million Indane client records before his content was blocked. “Sadly, Indane most likely hindered my IP, so I didn’t test the staying 1,572 merchants. By doing some basic math we can estimate the final number of affected customers around 6,791,200,” Alderson added. Indane and the Unique Identification Authority of India (UIDAI) were yet to comment on this data leak.