More

    Indane Gas Company Leaks Aadhaar Details of Millions!

    Another day. Another leak.

    If you’re not bothered by any data leaks, well, at least now you should. ‘Coz it’s Aadhaar now!

    Indane Gas Company Leaks Aadhaar Details of Millions!

    Indane Gas Company Leaks Aadhaar Details of Millions!
    Aadhaar Details Leaks

    Remember what they’ve taken from us while registering?

    Your retinal scan, fingerprints, sensitive details of you and your family. That’s more than enough to hack you and if possible, make money.

    Aadhar number is just like Social Security Number which records complete details of a citizen. And because of some vulnerabilities, they’re often exposed explicitly. Today’s exposure is of Aadhaar’s from Indane company’s portal.

    Indane Oil and Gas company is a fuel service provider and a subsidiary of IOC (Indian Oil Corporation), which is the world’s second largest LPG marketer according to Wiki.

    The leak was tested and confirmed by Baptiste Robert (a.k.a Elliot Alderson), a French security researcher having experience in finding such security leaks.

    Aadhaar Card Leaks
    Aadhaar Card Leaks

    On February 10th, Elliot on Twitter received a private message from a guy spotting the vulnerability. He shared a URL which contains Consumer’s Aadhaar no. and their “Total records” via associated dealer’s ID. So if we managed to get the dealer’s ID’s, we could open the “Total Records” of every consumer he serves.

    And Elliot did it!

    There’s an Android app of Indane which too has an endpoint that’s leaking. That’s where Elliot learned about Dealer IDs from “Locate Distributor” option.

    He then coded a python script which gave him the IDs of 11,000+ dealers.

    Indane Leaks Aadhar Details
    Indane Leaks Aadhar Details

    How big is this leak?

    From the obtained dealers IDs, Elliot scraped out the details of 5.7million consumers, which includes their names, addresses, phone and Aadhaar numbers etc.

    And in his process of surfacing much, his script was blocked (maybe by Indane) and couldn’t get further. But from what he got, the leak was estimated to be around 6.7million customers data.

    His full blog post – https://bit.ly/2EhI92M

    The leak was even indexed by Google as the Indane’s dealers portal was poorly authenticated.

    There’s no comment by Indane till now, and are yet to respond.

    Recent Articles

    WonderFox DVD Video Converter [REVIEW]

    WonderFox DVD Video Converter is a one-stop solution to backup all kinds of DVD disc including Disney movies, Paramount, Sony Pictures Entertainment, Universal Pictures,...

    Spotify Premium Apk Free Download 2020

    Are you looking for Spotify Premium Apk? Don’t worry! I have got your back. In this article, you are going to get the latest...

    Netflix Cookies 02 July 2020 Hourly Updated

    Are you looking for a premium Netflix account using Netflix cookies? Don't worry in this article I am sharing 5 working Netflix Premium Cookies...

    List of 59 Apps Banned in India and their Alternatives

    The Ministry of Electronics and Information Technology on 29th June banned 59 Apps in India including some of the most famous apps like Tik...

    How To Fix Steam Store Not Loading

    What is Steam? Fix Steam Store Not Loading: Steam is one ultimate destination for playing, discussing, and creating new games. On steam, you can find...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    Stay on op - Ge the daily news in your inbox