On March 31, Wednesday, just before midnight a breach in Indian Digilocker was reported. Approximately 8.6 million people’s aadhaar card data at risk was claimed.
DigiLocker is a digital online store where the government allows us to hold data and files digitally. This is a government application. The leak was reported by a French hacker and a cybersecurity expert who also found flaws on arogya Setu app.
The message went viral on social media when the french hacker, who goes by “Elliot Alderson” on Twitter, tweeted the above as shown in pic. This was later deleted with in hours and it has been reported a false claim.
The Aadhaar photo copies were shared by Telegram channel named “aadhaar_db [breach].” The leak claims the database claims to have over 10TB of data and 88.630.228 files. More so, 8.6 million people’s Aadhaar cards from Digilocker got leaked, the file description read.
International Business Times reviewed the claim about DigiLocker breach and found traces of Aadhaar as claimed. But there are many red flags. As pointed out by Abhishek Singh, IAS, CEO of National e-Governance Division, Ministry of Electronics & IT, the leaked data is not due to DigiLocker leak. In fact, the photos of Aadhaar on Telegram channel are all scanned copies or images, which appear to have been skimmed off from a matrimonial service provider.
“The Aadhaar numbers on published documents were checked to see whether a DigiLocker account with those Aadhaar numbers exist and it was found that the accounts for most of these Aadhaar numbers do not exist on DigiLocker,” Singh said.
Furthermore, the files published on the Telegram channel are in .docx format, whereas DigiLocker does not support this format. It is also worth noting that the file names of the leaked files are in sequential numbers, but when a user uploads documents on DigiLocker, file names are user defined and in free text format.
Singh confirmed that DigiLocker “remains completely safe and there is no breach of any kind. Team Digilocker is ever vigilant to ensure systems remain 100% secure.”