A government website with outdated security is alleged to have leaked the Aadhaar data of over 110 million Indian farmers, according to security researcher Atul Nair. The website belongs to PM Kisan, the Pradhan Mantri Kisan Samman Nidhi initiative.
Nair has posted his findings on Medium, where he says: “PM Kisan website provides a dashboard feature to view various charts and data. An endpoint in the dashboard was leaking Aadhaar numbers of all the farmers based on region (state, district, village).”
“An attacker could have easily gathered all the data by writing a basic script.”
Nair states that the leak was caused by a lack of authorization. The issue was reported to CERT-In, and the PM Kisan website has now taken down the vulnerable endpoint. While the exact number of Aadhaar records leaked is unknown, the website has over 11 crore farmers registered, and all of them could have been victims of the leak.
While the data leak from the PM Kisan website would have exposed the personal details of 11 crore farmers, this is not the first such incident. In 2019, the website of the state-owned gas company Indane leaked Aadhaar data for dealers and distributors. Jharkhand’s website to track the attendance of government employees was weak enough to give access to personal details of the state’s 1,66,000 government employees.