Indias biometric ID programme, Aadhaar, has been hit by another major security lapse, allowing access to private information, business technology news website ZDNet reported on Saturday.
A data leak on a system run by a state-owned utility company can allow access to private information of Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details, ZDNet said.
Even though the security lapse had been flagged to some government agencies over a period of time, it has yet to be fixed. ZDNet said it was withholding the name of the utility and other details.
Karan Saini, a New Delhi-based security researcher, said that anyone with an Aadhaar number was affected.
This is a security lapse. You dont have to be a consumer to access these details. You just need the Uniform Resource Locator where the Application Programming Interface is located. These can be found in less than 20 minutes, Saini said.