In an investigation by The Tribune, it was found that by paying just Rs 500 ($8) you can get unrestricted access to Aadhar database which contains details about more than 1 billion Indian residents.
The reporter said that the service is offered via WhatsApp and users need to pay Rs 500 via Paytm get access to the UIDAI database.
A login ID and password will be provided by the agent where users can enter any Aadhar number and access details like name, address, postal code (PIN), photo, phone number and email.
“It took just Rs 500, paid through Paytm, and 10 minutes in which an “agent” of the group running the racket created a “gateway” for this correspondent and gave a login ID and password. Lo and behold, you could enter any Aadhaar number in the portal, and instantly get all particulars that an individual may have submitted to the UIDAI (Unique Identification Authority of India), including name, address, postal code (PIN), photo, phone number, and email.”
For another Rs 300 ($5) the agent will provide a software where you take print out of the Aadhar by entering any Aadhar number.
The Tribune said that on further investigation it was found that the operation may have started around six months ago when some anonymous group was created in WhatsApp targeting over 3 lakh village-level enterprise (VLE) operators.
They were hired by the Ministry of Electronics and Information Technology (ME&IT) under the Common Service Centres Scheme (CSCS) and offered them access to UIDAI data.
From last November the CSCS operators were withdrawn from the service and access was restricted to post office and designated banks to avoid the breach.
The Tribune also said that the hackers might have gained access to the website of the Government of Rajasthan because the software provides access to aadhaar.rajasthan.gov.in where the user can access and take print out of the Aadhar card of anyone.
Sanjay Jindal, Additional Director-General, UIDAI Regional Centre, told The Tribune that “Except the Director-General and I, no third person in Punjab should have a login access to our official portal. Anyone else having access is illegal, and is a major national security breach.”
He also said that all this could be confirmed only after a technical investigation by the UIDAI.
Anyway UIDAI has denied the reports of any breach and said that their database is safe.
“The reported case appears to be instance of misuse of the grievance redressal search facility. As UIDAI maintains complete log and traceability of the facility, the legal action including lodging of FIR against the persons involved in the instant case is being done, Search facility gives limited access to name & other details, has no access to biometric details. There has not been any data breach of the biometric database which remains fully safe & secure with the highest encryption at UIDAI, and mere display of demographic info cannot be misused without biometrics,” said UIDAI.