Andhra Pradesh agriculture ministry site exposed Aadhaar data of farmers
A French security researcher who goes by the name Elliot Alderson on Twitter, under the handle @fs0c131y, first discovered the data breach on Tuesday.
ET has reviewed a copy of the database, which had details of thousands of farmers including their names, father’s name, mobile numbers, names of their village, tractor type and caste, among others.
The information was also accessible through a simple Google search. The agriculture department had not answered ET’s email query about the data breach until press time.
The Andhra Pradesh government faced similar cases of data leaks last year, when the personal data of more than 23,000 farmers who had received subsidies from the Andhra Pradesh Medicinal and Aromatic Plants Board were leaked through an open database on the state government portal.
Further, an unsecured website of the state government also exposed the names and numbers of individuals who had purchased medicines from a government-run store, along with other details such as phone numbers and purchase details.
Earlier in February, Elliot Alderson had also found customer data for nearly 11,000 dealers and distributors of Indane, an LPG brand owned by the Indian Oil Corporation (IOC), including names and addresses of customers, exposed due to a lack of authentication in the local dealers’ portal.
Alderson used a custom-built script to scrape the database, but his IP address was later blocked by Indane. Cybersecurity experts said such recurring leaks could have several implications. “Hackers can always use such data for social engineering or frauds on the targeted users. Through fake calls or messages, hackers can always dupe users, which is why it is so critical,” said Bikash Barai, cofounder of Fire-Compass, a cybersecurity firm.
Experts also suggest that third-party data breaches need to be strictly controlled, while the dark web needs to be strongly monitored.