The Gujarat government's real estate regulatory authority website has allegedly left one of its download URLs unprotected, which in turn exposed sensitive citizen data such as PAN cards, Aadhaar cards, passport-size photos and income tax details, among other documents.
This data leak was discovered by the French cybersecurity expert Baptiste Robert (who goes by the pseudonym Elliot Alderson on Twitter) yesterday, on September 19. Elliot shared a download link (https://gujrera.gujarat.gov.in/download?DOC_ID=XXX) from Gujarat's RERA website that pulled up citizen documents when 'XXX' was replaced with any random three-digit number.
Since then, multiple Twitter users have replied to Elliot's tweet, confirming that they were able to access multiple PAN cards, Aadhaar cards, financial declarations by a company and income tax details of citizens, among other documents.
Following this, the Gujarat RERA website is inaccessible as of the morning of September 20. The download link shared by Elliot can no longer be accessed either.
Elliot also confirmed in a tweet that the link has been fixed. “The Indian government should do a general audit of their websites because, unfortunately, I can play this game for a very long time,” he added in the tweet.
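A single client pulling many different DOC_ID values from the download URL in a short time, as described above, leaves a recognisable trail in web-server access logs. The Python function below is an added example, not code from the article or from the RERA site, that flags such clients; the log format, the IP addresses (documentation ranges), the dates and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches requests to the download endpoint; captures client, timestamp, DOC_ID.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET /download\?DOC_ID=(\d+)[ &]')

def find_enumerators(log_text, max_distinct=5, window=timedelta(minutes=1)):
    """Return {client: peak distinct DOC_IDs} for clients that fetched more than
    max_distinct different documents within one window. Assumes each client's
    lines appear in time order, as they do in a single access log."""
    recent = defaultdict(deque)          # client -> (time, doc_id) inside window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                     # not a download request
        client, stamp, doc_id = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[client]
        q.append((when, int(doc_id)))
        while when - q[0][0] > window:   # drop requests older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct > max_distinct:
            flagged[client] = max(flagged.get(client, 0), distinct)
    return flagged

def _line(ip, hhmmss, doc_id):
    # Builds one constructed log line in combined-log style (assumed format).
    return (f'{ip} - - [01/Jan/2024:{hhmmss} +0530] '
            f'"GET /download?DOC_ID={doc_id} HTTP/1.1" 200 48213')

# Constructed sample traffic, not real requests.
SAMPLE_LOG = "\n".join(
    # one client walks through 8 document ids in 8 seconds
    [_line("203.0.113.9", f"10:00:{s:02d}", 100 + s) for s in range(8)]
    # an ordinary user re-downloads one file and opens a second
    + [_line("198.51.100.7", "10:00:03", 412),
       _line("198.51.100.7", "10:00:40", 412),
       _line("198.51.100.7", "10:01:05", 413)]
    # six different documents, but spread over six hours
    + [_line("192.0.2.44", f"{11 + h}:00:00", 500 + h) for h in range(6)]
)

if __name__ == "__main__":
    for client, count in find_enumerators(SAMPLE_LOG).items():
        print(f"{client}: {count} distinct documents within one minute")
```

Detection of this kind only reports the behaviour after the fact; the download endpoint itself still has to check that the requester is allowed to read the requested document.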
Aadhaar Database Leaks On The Rise
Unfortunately, this is not the first case of the Indian government leaking citizens' data. Just this May, the Andhra Pradesh government exposed Aadhaar data of thousands of the state's farmers.
The state government's Agricultural Ministry website had publicly uploaded the list of its scheme beneficiaries containing private details such as mobile number, caste and village division, in addition to the beneficiary's Aadhaar number.
Also in January, the Aadhaar database of government workers in Jharkhand was leaked by a state government website, which left the details of these workers exposed without a password.
With the Indian government planning to link citizens' social media accounts to Aadhaar numbers, these frequent database leaks by government websites become much more alarming.