A website maintained by the Andhra Pradesh government has hosted a dashboard app that can search people in 13 districts using “religion” and “caste”, amongst other categories. According to HuffPost India, the dashboard on the website allows anyone to search for data based on terms such as “Hindu”, “Muslim”, “Zoroastrian” and even “Dalit”. The most threatening part is that the results even reveal the addresses of the families, including latitude and longitude information. This security breach and leak of Aadhaar information on the AP government-maintained website was discovered by a security researcher, Srinivas Kodali.
The data in the database was reportedly accumulated using Aadhaar numbers as unique identifiers from people who had enrolled in a famous subsidy scheme. While it is illegal to reveal the Aadhaar numbers of individuals on the internet, this database even revealed the addresses, phone numbers and other details of bank accounts, according to Srinivas. This is a serious threat: a particular community or faith can be targeted for violence when their phone numbers and addresses, including geotags, are openly available.
Due to the absurd security violation, the website in question has not been named by HuffPost. However, according to Srinivas, the bank account numbers, including IFSC codes, of all those enrolled in the scheme were also revealed on the website. After the issue was reported to the authorities, the bank account information was removed, “but 50 lac phone numbers are still available on the site for anyone to take”, says Kodali.