This is How Criminals Can Collect Data About You From Just Your Aadhaar Number

Ever since the personal details of TRAI master, Ram Sewak Sharma, were leaked afterwards he dared hackers to inflict whatsoever damage past publicly tweeting his Aadhaar number, the country has been abuzz near the result of privacy, which ways Aadhaar is back in the limelight for all the incorrect reasons. Reports about vulnerabilities in UIDAI'due south data system bated, there is a lot more than harm which tin be inflicted past but knowing a person'due south Aadhaar number which borders on the lines of identity theft.

Many mistakenly merits that merely knowing someone's Aadhaar number is not enough, but as we can see it's not just enough but tin can really exist more than than plenty at times for criminals.  In the wake of the RS Sharma incident, Nilesh Trivedi, a software proficient explained in particular the harm criminals can inflict on you lot past simply knowing your Aadhaar number, and trust me when I say this, the heart-opening information will send a arctic down your spine.

Once a malicious party knows your Aadhaar number, they can practice a quick Google search to know whether someone has previously uploaded Aadhaar-linked personal details about you on the internet and left the documents unsecured, and if the answer is yes, they now know your name and other identity details, which besides opens the doors to your social media identity.

Or worse, your mobile number is lying in that location exposed on some page of the internet. And if a person knows his mode around the internet, he can access your Aadhaar details, and of millions of other people which are openly listed on government websites, which as well includes academic information, medical history, address and DOB, social scheme benefits, etc. And as we recently witnessed in the case of the TRAI Chairman, no less than fourteen pieces of information such as his address, PAN menu number, mobile number, etc. were exposed by just using his Aadhaar number.

Just let's presume that just your Aadhaar number and mobile number are accessible to a person with malicious intentions. In one case, they have your mobile number, a cloned SIM can easily exist created by criminals in the secret market place, which can now be used to receive OTP for a host of tasks ranging from creating a simulated electronic mail account to accessing social media platforms such equally WhatsApp, Facebook, etc. which means the victim's interests and social media connections are all at present attainable. Merely there is not where it ends.

Since the phone number is linked to mobile payment platforms (read: UPI), information technology can now be used to access the victim'south purchase history, and also reset your password on diverse platforms by sending a forget password prompt and receiving the reset OTP message, all thanks to two-factor authentication. Besides, one tin subscribe the victim to a paid service without their consent.

https://twitter.com/nileshtrivedi/status/1023203009201762304

As for Aadhaar, since the intrinsic APIs provide third parties a free hand to employ an identification technology rather than a secure user authorization aqueduct, the idea of consent is well-nigh non-real. Which basically means, even if your biometrics are unique, the demographic profiling employed by the Aadhaar system will be sufficient to mimic the victim'south identity on third-party platforms.

https://twitter.com/nileshtrivedi/condition/1023204083388182528

But there is some other major gene which comes to play here, and that is the level of authentication. As per Trivedi, a bulk of users oasis't locked their biometrics, which substantially means that there is effectively no layer of authentication required when it comes to Aadhaar, which is something Airtel employed to open Airtel Payments Bank account of people who bought new SIMs, an human action for which the company was afterward slapped with a hefty fine.

And an even worse part is that Aadhaar is unique and irrevocable, which ways in one case your privacy has been compromised, there is no turning back. The reason? Ane can discard his phone number and interconnect all platforms with his new mobile number, only the aforementioned tin't be done with the UID, so the wheel volition continue.

The EPFO has already close downward the Aadhaar seeding portal once in the past later it was revealed that hackers stole data, so what more balls is in that location that it can't happen once more on a massive scale?

The only lesson here is that UIDAI should quit existence in denial mode and start implementing measures which can prevent a mass information cataclysm. At the moment, Aadhaar has go a privacy nightmare, having in one case been touted as the nigh ambitious biometric identification initiative in the globe.

But information technology is not just the cyber security and its implementation that demand to exist prioritised; there is besides a demand for stricter regulation on how biometric information is collected, especially later reports of tools being sold online that can featherbed Aadhaar'southward biometric security protocol.

Source: https://beebom.com/aadhaar-number-criminals-data/

Posted by: gauthierherand85.blogspot.com

Share this post