24 December 2015

Chennai Corporation Website Leaks All Birth Certificates Since 1910.

The website managed by the Corporation of Chennai has inadvertently leaked the private details of citizens born in Chennai since 1910, by not putting in any verification checks whatsoever.
Anyone on the Internet can enter any random date and gender to download birth certificates of Chennai citizens born since 1910 as pdf files. The breach was pointed a few hours go in a tweetstorm by Twitter user ST_Hill.
chennai_leaks_body.jpg
As mentioned by him, we were able to download birth certificates as pdf files without entering any security checks, other than a number verification code.
It's quite likely that once the entire internet discovers this data breach, phishers and hackers could easily steal the identities of citizens on from the portal through crucial details like date of birth, address, mother's name, which form a part of security checks in online commerce and banks.
Senthil also points out a simple hack that enables users to skirt the number verification sequence - simply by editing the date in the URL. This gives identity thieves an even easier backdoor for mass identity theft. In the same Twitter thread, Karthik Balakrishnan reveals that the URLs are sequential, making it even easier for a hacker to design a script and scrape all the personal data from the certificates.
Such data breaches do bring into question whether government bodies have fully understood the importance of keeping citizen data private and secure in their rush to digitise India. Earlier this year, Trai had released emails with names of everyone who had submitted responses to its consultation paper on net neutrality.
Gadgets 360 has emailed the Chennai Corporation heads informing them about this breach, and has requested a comment asking for an update on activity logs and latest visitors statistics on its website.

No comments:

Post a Comment

G20 in India: A Closer Look at the High-Stakes Poker Game

India's Moment in the Spotlight: As the host nation, India has a unique opportunity to shape the G20 agenda and showcase its leadership ...