Those of you with high-flying corporate jobs that provide you with encrypted laptops and VPNs for security, maintained by a tech department, will understand this one best.
This tweet was sent from someone's mobile phone (client says 'Twitter for Android')? What kind of security policies do they have in place that allow an individual to log into the account of an org handling extremely sensitive data on a less secure device? https://t.co/ANZLTKgg5s
— Shyam (@codelust) January 21, 2018
Worth noting here is that the UIDAI account often has people messaging them their Aadhaar numbers, phone numbers and other details as needed. While using a phone to respond to Twitter is not inherently risky, this isn’t so much a “security breach” as a lack of adequate protocols for secure official communications.
That's right, all your Aadhaar customer service complaints to UIDAI are going to someone's smartphone. Who is this individual, and how vulnerable are they to accidentally installing malware on their phone? https://t.co/kQlX5yQ3pN
— Kiran Jonnalagadda (@jackerhack) January 21, 2018
It is actually a fairly good parallel with Aadhaar. Twitter may be secure, but if the device you use to access it is not, then your Twitter account, and those you have access to, to whatever extent, may not be secure. Good time to add: in the same way, your Aadhaar database may be secure, but if the devices used to access the data are not, then the data is not secure either, to whatever extent the method has access. Gives a whole new insight into random laptops using off-market scanners to do enrolments, doesn't it?