LPG Co. Indane Leaks Millions of Indian Customers' AADHAAR Data?

_{_{A Wikipedia image of an Indane LPG cyllinder}}
The world's second largest LPG marketer, Indane brand owned by Indian Oil Corporation has exposed AADHAAR data of millions of its customers in a security breach.

_{A screenshot revealing the unauthenticated access to one of the Indane's dealer portal.

The hyperlink associated to the “Consumer No” in the above SS contains a parameter called “aadhar_no

Image source: TechCrunch}

A French security researcher who describes himself as "Worst nightmare of Oneplus, Wiko, UIDAI, Kimbho, Donald Daters and others" has investigated this exposure and [revealed it in his blog post](Worst nightmare of Oneplus, Wiko, UIDAI, Kimbho, Donald Daters and others) this morning.

According to his investigation, he put the number of affected customers from 11,062 Indane dealers to around 6,791,200.

This is a huge number and seems to be he tip of the iceberg.

However, Indan Oil Corporation has denied this claim by stating that its website captures only AADHAAR numbers for transferring the LPG subsidy benefit to its customers.

In an official statement, it said:

"No other Aadhaar related details are captured by IndianOil. Therefore, leakage of Aadhaar data is not possible through us"

What's truth is yet to be ascertained but apparently such news reinforces the belief that Aadhaar system is not as secure and reliable as UIDAI claims..

Last year, the Supreme Court had upheld the legality of AADHAAR scheme for its use for disbursement of social benefits to citizens but had rejected its mandatory need for bank accounts and cell phone connections.

We should keep in mind that this personal data been collected by Government or private organizations can be misused too through some administrative or technological flaws. So we should be aware of the risks involved before we share our data to them.