Exposing vulnerabilities, a French researcher breached the Telangana government benefit disbursement portal ‘TSPost’ on Sunday 25 February. The portal holds Aadhaar details of 56 lakh beneficiaries of NREGA (National Rural Employment Guarantee scheme) and 40 lakh beneficiaries of social security pensions (SSP), reported The Times of India.
The researcher, Baptiste Robert, has been actively working towards highlighting the lack of security of data in the Aadhaar database. On 25 February he posted on his Twitter how, with a simple hack, he could access the data on TSPost.
Hackers and researchers commonly use SQL (structured query language) code to attack the backend of a website.
After he pointed out the vulnerability, the government put the website offline.
In theory, a government website is very secure, but in India, it’s another story. http://tspost.aponline.gov.in is vulnerable to a basic SQL injection that allows an attacker to access the database of the website. To be clear, all the data on this website can be a dump. Telangana government officials say they are working to fix it. For this website, they have to hire decent web developers to protect it from attacks.Baptiste Robert told The Times of India
The report in The Times of India quoted a TSPost official as saying, “We are working on fixing the vulnerability after it was reported to us. It was online due to certain dependencies. We have taken off the site from the web, and we hope by Tuesday evening we will be able to set it right.”
(Hey there, lady! What makes you laugh? Do you laugh at sexism, patriarchy, and misogyny? Do 'sanskaari' stereotypes crack you up? This Women's Day, join The Quint's Ab Laugh Naari campaign. Pick up that beer, say cheers, and send us photographs or videos of you laughing out loud at buriladki@thequint.com.)
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)