Aadhaar Dare: Hackers Deposit Re 1 in TRAI Chief’s Bank Account
Unique Identification Authority of India (UIDAI) on Sunday, 29 July, dismissed claims made by “certain elements” on social media that they have fetched personal details of Telecom Regulatory Authority of India (TRAI) Chief RS Sharma after his Aadhaar dare.
Any information published on Twitter about RS Sharma wasn’t fetched from Aadhaar database or UIDAI’s servers. In fact, this so-called “hacked” information was already available in public domain, he being a public servant for decades, and was easily available on Google and other websites.UIDAI Statement
To show confidence in the system, Sharma, on 28 July, threw an open challenge on Twitter, by revealing his 12-digit Aadhaar number and asking (more like, challenging) if it made him vulnerable to any security risk.
Soon after, Elliot Alderson, a French security researcher who has exposed Aadhaar vulnerabilities in the past as well as flaws in Patanjali’s Kimbho and Bolo Messenger apps, revealed some of Sharma’s personal data in a series of tweets.
This included his personal address, birth date, email, alternate phone number and PAN number. He then tried explaining to the TRAI chief why it wasn't a good idea to make his Aadhaar number public.
Hackers Deposit Re 1 in Sharma’s Bank Account
A few of the ethical hackers also got hold of Sharma’s bank account details through his Aadhaar number.
Some of them deposited Re 1 in his Bank of India account, via BHIM and Paytm apps, and posted screenshots of the same on Twitter. The hackers claimed to have bank numbers and IFSC codes for five of Sharma’s bank accounts including PNB, Bank of India, SVI, Kotak Mahindra and ICICI, reported The Times of India.
Elliot Anderson’s Response to the Challenge in Tweets
“People managed to get your personal address, DoB and your alternate phone number. I stop here. I hope you will understand why making your Aadhaar number public is not a good idea,” Alderson wrote in his tweet.
Sharma Still Not Convinced
Amid a debate on privacy concerns, which has also reached the Supreme Court, activists and people in general fear that the 12-digit number posed a threat to citizen's privacy.
Sharma had earlier, in an interview, said that there had not been a single instance of data being breached, and had there been one, the entire Aadhaar database would have been vulnerable.
Alderson, who is known to have revealed security loopholes in the Aadhaar data system, also posted screenshots of Sharma's leaked details with key areas blackened and hidden.
One of the screenshots even carried his PAN details. But that too was hidden.
However, Sharma is not convinced that all these details have been revealed by hacking the Aadhaar database. In fact, he insisted that Aadhaar does not compromise the privacy of any individual.
(With inputs from IANS.)
(The Quint is now available on Telegram. For handpicked stories every day, subscribe to us on Telegram)