Report claims India's national ID system can be accessed for under $10

India's worst-case scenario has materialized. Local news reports indicate that the government's Aadhaar identity program, which stores sensitive information on over one billion individuals, has been breached.

There is a small silver lining: this incident did not involve hackers, at least not this time. The vulnerability came to light when The Tribune, an Indian newspaper, paid an individual under $10 for administrative credentials to the database. The journalists subsequently received a username and password, enabling them to retrieve any citizen's data by simply inputting their 12-digit Aadhaar number.

The situation escalates. BuzzFeed located the seller, who uses the alias Anil Kumar. He informed the outlet that the transaction with The Tribune was merely one of eight such deals he completed that week. For each sale, he charged 500 INR (approximately $8), obtaining the necessary admin credentials through a WhatsApp contact.

Kumar explained to BuzzFeed that he initially paid an anonymous individual 6,000 INR (around $95) within a WhatsApp group to generate a username and password for his own access to the Aadhaar database. He was then told he could create unlimited credentials for the system. To recoup his investment, he began selling those credentials.

Reacting to the news, India's governing Bharatiya Janata Party employed a tactic reminiscent of President Trump, dismissing the breach reports as 'fake news.'

It's worth noting that 'breach' may not be the precise term for this case. Obtaining access by compensating an intermediary isn't a technical breach; rather, it's a deeply flawed scenario that arises when a government relies on a chain of contractors to oversee a highly sensitive initiative.

While Aadhaar enrollment is not compulsory, a widespread drive to register citizens made it seem virtually obligatory in the past year. The identification system has gradually infiltrated numerous services, including school admissions, food ration distribution, and various government programs. Facebook also adopted it in a pilot that prompted new users to submit their Aadhaar details.

Beyond the privacy concerns of a government collecting personal data and the evident security vulnerability, there have been tragic incidents linked to the program.

Last October, authorities refuted claims that a girl in the eastern state of Jharkhand starved to death after her family was denied food rations due to not enrolling in Aadhaar. In the same state, reports indicate that another woman died under similar conditions on Christmas Day.

Activists have opposed the program, which ties IDs to citizens' mobile numbers, arguing that the data gathering and use violate the constitution. Numerous warnings about weak security have surfaced, including a flaw in the data collection process discovered in July. Against this backdrop, the latest disclosures have stunned the country by demonstrating how simple and inexpensive it is to obtain access.

Amid the confusion and uncertainty following these reports, one fact stands out: India's citizens deserve a more substantial response from their government than being told the news is fake.

Cover photo: Pallava Bagla / Contributor/Getty Images (image altered)

(function(d, s, id){ var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) {return;} js = d.createElement(s); js.id = id; js.src = " "; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));

function getCookie(name) { var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([.$?|{}()[]/+^])/g, '$1') + "=([^;])" )); return matches ? decodeURIComponent(matches[1]) : undefined; }

window.onload = function() { var gravity_guid = getCookie('grvinsights'); var btn = document.getElementById('fb-send-to-messenger'); if (btn != undefined && btn != null) { btn.setAttribute('data-ref', gravity_guid) } }