The part of the site was indexed in Google, allowing anyone to bypass the login page altogether and gain access to the dealer database. Indane is said to have more than 90 million customers across India.
The data was found by a security researcher who asked to remain anonymous for fear of retribution from the Indian authorities, according to TechCrunch. However, another researcher, who goes by the online handle Elliot Alderson and has prior experience investigating Aadhaar exposures, investigated the exposure and provided the results to the online publication.
He found exposed over 11, 000 valid dealer IDs, including names and addresses of customers, as well as the customers’ confidential Aadhaar number hidden in the link of each record. The researcher, who explained more about his findings in a blog post, estimates the total number affected could surpass 6.7 million customers.
In 2018, the gas and energy company was found leaking data from an endpoint with a direct connection to Aadhaar’s database. This time, however, the leak is believed to be limited to its own data.
TechCrunch contacted both Indane and UIDAI, but did not hear back.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the The Paypers website, they in no way represent the opinion of The Paypers.