#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Aadhaar | Breaking Cybersecurity News | The Hacker News

Category — Aadhaar
Any Indian DigiLocker Account Could've Been Accessed Without Password

Any Indian DigiLocker Account Could've Been Accessed Without Password

Jun 08, 2020
The Indian Government said it has addressed a critical vulnerability in its secure document wallet service Digilocker that could have potentially let a remote attacker bypass mobile one-time passwords (OTP) and sign in as other users. Discovered separately by two independent bug bounty researchers, Mohesh Mohan and Ashish Gahlot , the vulnerability could have been exploited easily to unauthorisedly access sensitive documents uploaded by targeted users' on the Government-operated platform. "The OTP function lacks authorization which makes it possible to perform OTP validation with submitting any valid users details and then manipulation flow to sign in as a totally different user," Mohesh Mohan said in a disclosure shared with The Hacker News. With over 38 million registered users, Digilocker is a cloud-based repository that acts as a digital platform to facilitate online processing of documents and speedier delivery of various government-to-citizen services.
LPG Gas Company Leaked Details, Aadhaar Numbers of 6.7 Million Indian Customers

LPG Gas Company Leaked Details, Aadhaar Numbers of 6.7 Million Indian Customers

Feb 19, 2019
Why would someone bother to hack a so-called "ultra-secure encrypted database that is being protected behind 13 feet high and 5 feet thick walls," when one can simply fetch a copy of the same data from other sources. French security researcher Baptiste Robert, who goes by the pseudonym "Elliot Alderson" on Twitter, with the help of an Indian researcher, who wants to remain anonymous, discovered that the official website of popular state-owned LPG gas company Indane is leaking personal details of its millions of customers, including their Aadhaar numbers. This is not the first time when an unprotected third-party database has leaked Aadhaar details of Indian citizens, which is a unique number assigned to each citizen as part of India's biometric identity programme maintained by the government's Unique Identification Authority of India (UIDAI). Earlier this week an anonymous Indian researcher initially discovered a loophole in the Indane's online
Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

Oct 23, 2024Identity Security / Data Protection
Identity security is front, and center given all the recent breaches that include Microsoft, Okta, Cloudflare and Snowflake to name a few. Organizations are starting to realize that a shake-up is needed in terms of the way we approach identity security both from a strategic but also a technology vantage point.  Identity security is more than just provisioning access  The conventional view of viewing identity security as primarily concerned with provisioning and de-provisioning access for applications and services, often in a piecemeal manner, is no longer sufficient. This view was reflected as a broad theme in the Permiso Security State of Identity Security Report (2024) , which finds that despite growing levels of confidence in the ability to identify security risk, nearly half of organizations (45%) remain "concerned" or "extremely concerned" about their current tools being able to detect and protect against identity security attacks.  The Permiso commissioned survey conducted o
Expert Insights / Articles Videos
Cybersecurity Resources