The Bengaluru Police, on 1 August, arrested Abhinav Srivastava, a software-development engineer, for allegedly hacking and accessing data through the Unique Identification Authority of India (UIDAI).
Speaking to the Times of India the police said:
Srivastav had developed an e-KYC verification mobile application and hosted the same on (Google) Play Store. Anyone clicking on this app would enter the e-hospital service, which is a central government scheme with Aadhaar-related details in it.
A complaint had been lodged against Abhinav Srivastava, an IIT-Kharagpur graduate and Qarth Technologies Pvt Ltd, his mobile-payment company for accessing Unique Identity Development Authority of India (UIDAI)‘s central information depository. Srivastava was using UIDAI’s database to run a private app called Aadhaar ‘eKYC Verificaton’, reported The Indian Express.
The now-deleted app, ‘X-Pay’ was available on Google Play store and claimed that it could help businesses validate Aadhaar numbers by verifying customer Aadhaar numbers. The complaint was lodged by the Bengaluru police on 26 July and have asked its cyber crime to investigate the case. The complaint alleges that the illegal usage of Aadhaar data occurred between 1 January 2017 and 26 July 2017.
App Had Nearly One Lakh Users, Accessed Demographic Data
X-Pay, the app was allegedly accessing the demographic data in Aadhaar database without authorisation. An UIDAI official told The Indian Express:
We are hoping the police will help us identify how it was done when they arrest the suspects. The investigation is on and we would not like to comment. However, there has been no breach, no leakage and no theft of data. And we have been able to maintain the security.
However, police sources say that this breach is a cause of concern. “There is a fear that somebody figured out a way through the code to get easy access to the central depository of identities. This is a source of concern. It is also possible that somebody who worked with authentication data at a basic or higher level may have held on to security keys without knowledge of authorities,” a source told the daily.
Till 1 June 2017, X-Play had between 50,000 to 1 lakh users, according to data from the Play Store.
(We all love to express ourselves, but how often do we do it in our mother tongue? Here's your chance! This Independence Day, khul ke bol with BOL – Love your Bhasha. Sing, write, perform, spew poetry – whatever you like – in your mother tongue. Send us your BOL at bol@thequint.com or WhatsApp it to 9910181818.)
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)