The Aadhaar details of nearly 68 lakh customers of state-owned gas company Indane have been leaked on its website, a report claimed on Tuesday. The breach occurred after the part of the website for dealers and distributors was indexed in Google, allowing anyone to log in to the page even without a username and password, according to TechCrunch.
Indane has more than 9 crore customers across India. This is the second time Indane has been involved in a data leak controversy. In 2018, a security researcher had found an endpoint on a system run by Indane that let anyone download Aadhaar details.
In a post on Medium on Tuesday, French cyber security researcher Baptiste Robert, who goes by the name Elliot Alderson, claimed that he found customer data for 11,000 dealers as well as their confidential Aadhaar numbers using a custom-built script to scrape the database.
Alderson claimed that 58 lakh Indane customers were affected by this leak until his IP was blocked. The total number affected could be close to 68 lakh customers, he estimated.
Alderson said he had got an anonymous tip about Indane leaving Aadhaar details of customers exposed on its website. He publicly shared the leak after he did not receive a response from Indane.
TechCrunch said it had separately verified a sample of Aadhaar numbers from the site using UIDAI’s online verification tool, and found that each record came back as a positive match.
Earlier this month, a Jharkhand government web system leaked personal information and Aadhaar numbers of nearly 1.66 lakh government employees, TechCrunch had reported. In 2018, Alderson had also exposed a leak in the Telangana government’s benefit disbursement portal TSPost, which had account details and Aadhaar numbers of 56 lakh National Rural Employment Guarantee scheme beneficiaries, and 40 lakh beneficiaries of the social security pensions.