UPDATE: Indian Oil has issued an official statement saying that there was no leak of Aadhaar data through the Indane website. The firm adds that the Indane website captures 'only the Aadhaar number which is required for LPG subsidy transfer. No other Aadhaar related details are captured by Indian Oil. Therefore, leakage of Aadhaar data is not possible through us.'

The statement in the form of a tweet by the official @IndianOilcl adds that 'There is no Aadhaar number hosted on this website.'

The statement comes hours after the TechCrunch website reported that a security flaw left several million Aadhaar numbers of users with other details, accessible by all on the Indane website.
Earlier it was reported that the particular page of the website (showing Aadhaar numbers and other user details) was said to have been indexed by Google and thus became accessible to nearly everyone. A security researcher going by the name Elliot Anderson (Baptiste Robert) on Twitter gave details about this security lapse in a blog post. The researcher says that he got an anonymous tip talking about Indane leaving Aadhaar details exposed on its website.

The page showing the Aadhaar numbers of users has now been taken down though. As mentioned in the researcher's blog post and TechCrunch, the page not only showed the Aadhaar numbers but also the names and addresses of users. The researcher claims to have got the data for 11,000 dealers using a custom-built script on the Indane website. It is said that he got access to around 5.8 million Indane customer records before the script was blocked. He estimates that the leak could have exposed data of around 6.7 million customers.

TechCruch claims to have separately verified some Aadhaar numbers from the exposed database with UIDAI’s own web-based verification tool. Each of them got a positive match.

It is not for sure how or why this took place and since how long the particular part of Indane's website has stayed exposed. But nonetheless, it continues to raise questions on UIDAI and what it is doing to secure the data of Indians.

This leak comes soon after the news of the Indian state government of Jharkhand leaving thousands of Aadhaar numbers of government employees exposed due to a lapse in security.

Source: gadgetsnow.com