More

    Indane Gas Company Leaks Aadhaar Details of Millions!

    Another day. Another leak.

    If you’re not bothered by any data leaks, well, at least now you should. ‘Coz it’s Aadhaar now!

    Indane Gas Company Leaks Aadhaar Details of Millions!

    Indane Gas Company Leaks Aadhaar Details of Millions!
    Aadhaar Details Leaks

    Remember what they’ve taken from us while registering?

    Your retinal scan, fingerprints, sensitive details of you and your family. That’s more than enough to hack you and if possible, make money.

    Aadhar number is just like Social Security Number which records complete details of a citizen. And because of some vulnerabilities, they’re often exposed explicitly. Today’s exposure is of Aadhaar’s from Indane company’s portal.

    Indane Oil and Gas company is a fuel service provider and a subsidiary of IOC (Indian Oil Corporation), which is the world’s second largest LPG marketer according to Wiki.

    The leak was tested and confirmed by Baptiste Robert (a.k.a Elliot Alderson), a French security researcher having experience in finding such security leaks.

    Aadhaar Card Leaks
    Aadhaar Card Leaks

    On February 10th, Elliot on Twitter received a private message from a guy spotting the vulnerability. He shared a URL which contains Consumer’s Aadhaar no. and their “Total records” via associated dealer’s ID. So if we managed to get the dealer’s ID’s, we could open the “Total Records” of every consumer he serves.

    And Elliot did it!

    There’s an Android app of Indane which too has an endpoint that’s leaking. That’s where Elliot learned about Dealer IDs from “Locate Distributor” option.

    He then coded a python script which gave him the IDs of 11,000+ dealers.

    Indane Leaks Aadhar Details
    Indane Leaks Aadhar Details

    How big is this leak?

    From the obtained dealers IDs, Elliot scraped out the details of 5.7million consumers, which includes their names, addresses, phone and Aadhaar numbers etc.

    And in his process of surfacing much, his script was blocked (maybe by Indane) and couldn’t get further. But from what he got, the leak was estimated to be around 6.7million customers data.

    His full blog post – https://bit.ly/2EhI92M

    The leak was even indexed by Google as the Indane’s dealers portal was poorly authenticated.

    There’s no comment by Indane till now, and are yet to respond.

    Recent Articles

    10 Best Free Beat Making Software for Windows

    Are you someone who loves making beats and create their own music or soundtracks but hasn’t found a good software for Windows, that is...

    Top 8 Best Chrome Extensions Must Have 2020

    Are you looking for Best Chrome Extensions? Don’t worry! I have got your back. In this article, you are going to get the latest...

    Top 10 Best Android Camera Apps of 2020

    Best Android Camera App: Nowadays, people while buying Android phones do not watch the features of the phone but firstly watch the camera quality...

    Top 10 Best Android Hacking Apps & Tools in 2020

    Are you looking for Android Hacking Apps? Don’t worry! I have got your back. In this article, you are going to get the latest...

    10 Best Overclocking Software for PC

    What is Overclocking? It is the practice of increasing the clock rate of a computer to exceed that certified by the manufacturer. Meaning running the...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Stay on op - Ge the daily news in your inbox