Your Aadhaar details are up for sale, price: Rs500

04 Jan 2018

Despite numerous assurances by the government that one's Aadhhar details are safe and cannot be misused, a shocking newspaper report claimed that the Aadhaar details of a billion Indians can be bought on WhatsApp for just Rs500 each.

The government has ensured that the Aadhaar card is now your most important personal identification document. With the linking of Aadhaar to virtually all services from banking to mobile telephony, your 12-digit unique ID number is now of high value, making it a prime target for hackers.

Now, an investigation by The Tribune has revealed that one of its correspondents 'purchased' a service from an anonymous seller on WhatsApp by paying Rs 500 via Paytm. Within minutes, the agent provided a login ID and password to a portal where one could enter any Aadhaar number and gain instant access to all of its details including name, address, phone number, photo and email.

In addition to this, the sellers are also providing software to allow you to print the Aadhaar card that you have accessed for an extra Rs300.

This is perhaps the biggest security breach of Aadhaar seen so far, as the Unique Identification Authority of India (UIDAI) agreed when contacted. Officials were "shocked" on hearing about the scam and have taken up the matter with UIDAI technical consultants in Bengaluru.

"Except the director-general and I, no third person in Punjab should have a login access to our official portal. Anyone else having access is illegal, and is a major national security breach," Sanjay Jindal, additional director-general, UIDAI Regional Centre, Chandigarh, told The Tribune.

The investigation revealed that the operation started around six months ago. Some anonymous groups were created on WhatsApp who began by targeting over 3-lakh village-level enterprises (VLEs) contracted by the Ministry of Electronics and Information Technology (ME&IT) under the Common Service Centres Scheme (CSCS), and offered them unrestricted access to all Aadhaar details that have been created so far. Initially, the CSCS was entrusted for making Aadhaar cards, but their job was taken over and given to post offices and designated banks in November to avoid security breaches.

Over one lakh VLEs are now suspected of gaining illegal access to Aadhaar data to provide the service to people for a fee. Additionally, the hackers may have gained access to a website of the Government of Rajasthan, aadhaar.rajasthan.gov.in, as it was provided in the "software" that allows people to access and print Aadhaar cards.

This investigation has managed to uncover a major data breach and an operation that has been running for at least six months. It comes following UIDAI's claims in November that Aadhaar details were safe from breaches.

The UIDAI says it is looking into the matter and Jindal says this report can only be confirmed after a technical investigation has been conducted.

Those who have an Aadhaar card can track whether there has been any misuse. The UIDAI recently introduced an option on its website to help you view the history of where your Aadhaar has been used.