Anonymous sellers on WhatsApp are providing unrestricted access to over a billion Aadhaar details for just Rs 500, an investigation by The Tribune newspaper has revealed.
The newspaper reports that a correspondent “purchased” a service from an anonymous seller on WhatsApp by paying Rs 500 via Paytm.
Within minutes, the agent provided a login ID and password to a portal where the correspondent could enter any Aadhaar number and gain instant access to all of its details including name, address, phone number, photo and email.
In addition to this, the sellers are also providing a “software” to allow you to print the Aadhaar card that you have accessed for Rs 300 more. This is perhaps the biggest security breach of Aadhaar seen so far and UIDAI agreed when contacted. Officials were “shocked” on hearing about the scam and have taken up the matter with UIDAI technical consultants in Bengaluru.
“Except the Director-General and I, no third person in Punjab should have a login access to our official portal. Anyone else having access is illegal, and is a major national security breach,” Sanjay Jindal, Additional Director-General, UIDAI Regional Centre, Chandigarh told The Tribune.
The investigation revealed that the operation started around six months ago. Some anonymous groups were created on WhatsApp who began by targeting over 3-lakh village-level enterprises (VLE) hired by Ministry of Electronics and Information Technology (ME&IT) under the Common Service Centres Scheme (CSCS), and offered them unrestricted access to all Aadhaar details that have been created so far.
Initially, the CSCS was entrusted in making Aadhaar card in India, but their job was soon taken and given to post offices and designated banks in November to avoid security breaches.
Over one lakh VLE are now suspected for gaining illegal access to Aadhaar data to provide the service to people for a fee. Additionally, the hackers may have gained access to a website of the Government of Rajasthan, aadhaar.rajasthan.gov.in, as it was provided in the “software” that allows people to access and print Aadhaar cards.
The investigation has managed to uncover a major data breach and an operation that has been running for at least six months.
It comes following UIDAI’s claims in November that Aadhaar details were safe from breaches. However, the latest report suggests that a simple process of paying Rs 500 can allow a person to gain access to every Aadhaar card in India, which can be used for nefarious purposes in the wrong hands. Linked SIM cards and bank accounts, among other things, can be misused with this knowledge.
Those who have an Aadhaar card can track whether there has been any misuse. The UIDAI recently introduced an option on its website to help you view the history of where your Aadhaar was used.