Two users on Twitter, early on Thursday, took to the microblogging site to point out the lack of data privacy being observed by Delhi University’s (DU) online portal where students download their admit cards. The admit card is essential for DU students to appear for university examinations.
In screenshots from the website’s login portal for students to download their admit cards, there are three separate fields for ‘exam roll no’, ‘student name’ and ‘gateway password’. All the fields are marked with an asterisk, making them mandatory to be filled for students to be able to access their admit cards.
Students Of One College Share Same ‘Gateway Password’ For DU Online Portal
The tweets have pointed out that the three fields don’t ensure an adequate level of data privacy, as they are easily available to other students from the same college, all of whom share the same ‘Gateway Password’.
Twitter user Vivek Prasad wrote that the common college ‘Gateway Password’ can be used by any student to gain access to the previous semester examinations results available on the website, through which the names and roll numbers of all the students can be accessed. Those could then be used to log in to the university’s portal for admit cards. A student’s admit card contains his/her home address, phone number and email id.
Prasad added, “I have noticed that not only home address but also the phone number and email addresses of the students are printed on Delhi University’s online admit card which is totally unsecured and accessible freely by the public.”
“There is a very real risk of a potential stalker getting hold of a phone number, email ID and home address of a potential victim through the Delhi University Online Admit Card. There are also far graver risks that emerge from this blatant disregard for students’ personal data protection.” Prasad said that the portal could be made a lot safer with one-time passwords (OTPs) for every login attempt by a student.
The dangers to data privacy of DU students were relayed by another Twitter user Ribhav.
This story will be updated soon with comments from experts on data privacy and security.