More

    Indane Gas Company Leaks Aadhaar Details of Millions!

    Another day. Another leak.

    If you’re not bothered by any data leaks, well, at least now you should. ‘Coz it’s Aadhaar now!

    Indane Gas Company Leaks Aadhaar Details of Millions!

    Indane Gas Company Leaks Aadhaar Details of Millions!
    Aadhaar Details Leaks

    Remember what they’ve taken from us while registering?

    Your retinal scan, fingerprints, sensitive details of you and your family. That’s more than enough to hack you and if possible, make money.

    Aadhar number is just like Social Security Number which records complete details of a citizen. And because of some vulnerabilities, they’re often exposed explicitly. Today’s exposure is of Aadhaar’s from Indane company’s portal.

    Indane Oil and Gas company is a fuel service provider and a subsidiary of IOC (Indian Oil Corporation), which is the world’s second largest LPG marketer according to Wiki.

    The leak was tested and confirmed by Baptiste Robert (a.k.a Elliot Alderson), a French security researcher having experience in finding such security leaks.

    Aadhaar Card Leaks
    Aadhaar Card Leaks

    On February 10th, Elliot on Twitter received a private message from a guy spotting the vulnerability. He shared a URL which contains Consumer’s Aadhaar no. and their “Total records” via associated dealer’s ID. So if we managed to get the dealer’s ID’s, we could open the “Total Records” of every consumer he serves.

    And Elliot did it!

    There’s an Android app of Indane which too has an endpoint that’s leaking. That’s where Elliot learned about Dealer IDs from “Locate Distributor” option.

    He then coded a python script which gave him the IDs of 11,000+ dealers.

    Indane Leaks Aadhar Details
    Indane Leaks Aadhar Details

    How big is this leak?

    From the obtained dealers IDs, Elliot scraped out the details of 5.7million consumers, which includes their names, addresses, phone and Aadhaar numbers etc.

    And in his process of surfacing much, his script was blocked (maybe by Indane) and couldn’t get further. But from what he got, the leak was estimated to be around 6.7million customers data.

    His full blog post – https://bit.ly/2EhI92M

    The leak was even indexed by Google as the Indane’s dealers portal was poorly authenticated.

    There’s no comment by Indane till now, and are yet to respond.

    Recent Articles

    Overwatch Tier List

    Overwatch Tier List: Overwatch is a colourful team-based shooter game starring a diverse cast of powerful heroes. It is developed and published by Blizzard...

    10 Best Ebook Torrent Sites

    Ebook Torrent Sites: Electronic books are called an eBook. eBooks can be read on digital devices like a tablet, mobile phone, computer, laptop, etc....

    10 Best Websites to Watch Cartoons Online for Free

    Watch Cartoons Online: Who does not love watching cartoons? Cartoons are favourite for all age groups be it kids or even adults. Some of...

    How To Fix Steam Missing File Privileges

    Steam Missing File Privileges: Steam is one ultimate destination for playing, discussing, and creating new games. On steam, you can find over more than...

    10 Best Sims 4 Mods

    The Sims 4 is a life simulation game that gives the players the power to create and control people. The players can experience creativity,...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Stay on op - Ge the daily news in your inbox