The Aadhaar biometric database covering over 99% of the adult population in India has been compromised and its contents are now for sale. Full personal details on around 1 billion adult citizens of India, including several biometrics, are available for $8.
takyon: $8 per individual.
Related Stories
The Indian Express reports that a FIR (First Information Report) has been filed, and a criminal investigation has begun, against the newspaper and reporter who published a story about theft of data from Aadhaar, India's national identity system:
A deputy director of the Unique Identification Authority of India (UIDAI) has registered an FIR against The Tribune newspaper and its reporter Rachna Khaira following her report on how anonymous sellers over WhatsApp were allegedly providing access to Aadhaar numbers for a fee. [Ed Note: The UIDAI has denied that any breach of the biometric database took place. See below.]
The FIR also names Anil Kumar, Sunil Kumar and Raj, all of whom were mentioned in The Tribune report as people Khaira contacted in the course of her reporting.
Joint Commissioner of Police (Crime Branch) Alok Kumar confirmed that an FIR had been registered and an investigation launched. The FIR has been lodged with the Crime Branch's cyber cell under IPC Sections 419 (punishment for cheating by impersonation), 420 (cheating), 468 (forgery) and 471 (using as genuine a forged document), as well Section 66 of the IT Act and Section 36/37 of the Aadhaar Act.
The UIDAI issued a press release (PDF) (Internet Archive link) about the FIR, in which it denies that the biometric database was breached:
(Score: 3, Interesting) by MostCynical on Tuesday January 09 2018, @10:11PM (7 children)
Australians are worth $29 AUD($22.79 USD)
https://www.itnews.com.au/news/govt-downplays-sale-of-medicare-card-data-on-dark-web-467409 [itnews.com.au]
And Europeans are worth more than Americans:
https://qz.com/525621/a-europeans-stolen-credit-card-data-is-worth-more-than-an-americans/ [qz.com]
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 5, Interesting) by bob_super on Tuesday January 09 2018, @10:19PM
Offer and demand. Databases of Americans' private data get breached every other day.
And when it comes to credit cards, Americans have a much higher turnover, so the numbers are more likely to be obsolete,
(Score: 4, Interesting) by takyon on Tuesday January 09 2018, @10:20PM (5 children)
The inclusion of the biometric data could make this database a little more unique and valuable than most.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by The Mighty Buzzard on Tuesday January 09 2018, @11:31PM (4 children)
Eight bucks a pop for a chick's digits? That's not much of a bargain unless you're damned ugly and lack anything approaching charm.
My rights don't end where your fear begins.
(Score: 0) by Anonymous Coward on Tuesday January 09 2018, @11:38PM (1 child)
So says buzzy the charm nozzle.
(Score: 2) by The Mighty Buzzard on Wednesday January 10 2018, @12:01AM
Exactly. If I have no problem, you have no excuse.
My rights don't end where your fear begins.
(Score: 3, Funny) by takyon on Wednesday January 10 2018, @12:13AM
Great for stalking though.
At least they didn't collect DNA samples.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 1, Touché) by Anonymous Coward on Wednesday January 10 2018, @10:23AM
In my neighborhood having $8 means I have plenty of charm.
(Score: 2, Funny) by Anonymous Coward on Tuesday January 09 2018, @10:39PM (2 children)
Name: Shkjhksjhfdui "Doug" Patel
Profession: IT Contractor
Education: Masters
Eyes: Brown
Complexion: Brown
Hair: Black
Height: 5' 3"
Shits in the street: Yes
(Score: 1, Funny) by Anonymous Coward on Tuesday January 09 2018, @10:54PM (1 child)
Education: "Masters"
FTFY
(Score: 2, Touché) by Anonymous Coward on Wednesday January 10 2018, @12:30AM
Education: "Stackoverflow"
FTFYx2
(Score: 2) by Mykl on Tuesday January 09 2018, @10:48PM (4 children)
It's hardly surprising that these leaks continue to happen weekly. All it takes is one or two bad actors in the right position (which is usually not that high up).
It's why I've been avoiding iCloud for my Apple devices - eventually that nut will be cracked and it will be open season on everyone's data. Unfortunately, Apple seems to be trying as hard as possible to push everyone onto it (just discovered after a recent update that I can no longer sync photos from the Photos app to iPhone via iTunes sync).
(Score: 0) by Anonymous Coward on Tuesday January 09 2018, @11:11PM (1 child)
(Score: 2) by Mykl on Tuesday January 09 2018, @11:56PM
Because, while it no longer fits my needs on this particular item, Apple devices fit my needs better than Android on the whole.
Yes, I'm aware of the restrictions I've signed up to. No, I'm not prepared to spend the time and energy rolling my own solution. Any spare time I have goes to other pursuits (the kids, wife, a bit of time for my hobbies).
(Score: 4, Insightful) by pipedwho on Tuesday January 09 2018, @11:57PM
Apple is probably a bad example of this as they (ie. the company and therefore the employees) don't have access to your iCloud data (beyond the usual sign up details, name, credit card, etc). They intentionally use HSMs for all the crypto keys in a way that allows only your devices to decrypt the data which theoretically prevents en masse compromises. Now, of course, if some of the crypto primitives 'fail' (ie. someone discovers an exploitable weakness in AES, ECC, cryptographic modes, or hardware based random number generators), then everyone on iCloud might be in a world of hurt. But if that happens, the hurt is going to go far beyond Apple and problems with exposed iCloud data.
Of course, if someone gets your iCloud password, then you have a problem. But, that is different from the database compromise described in the article where the entire dataset (or large batches of it) are exposed by a single attack.
Large searchable databases full of sensitive and identifiable information are an extremely bad idea for privacy reasons.
(Score: 0) by Anonymous Coward on Wednesday January 10 2018, @06:19AM
You don't have to give Apple your real name or anything. You should know the routine.
(Score: 2) by PinkyGigglebrain on Tuesday January 09 2018, @11:54PM (1 child)
That certainly didn't take long :/
OK, who won the pool?
"Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
(Score: 0) by Anonymous Coward on Wednesday January 10 2018, @01:05AM
2017 - Year of the Data Breach
2018 - Year of the Biometric Data Breach
(Score: 1, Flamebait) by Bot on Wednesday January 10 2018, @02:23AM
With 6$ i got an Indian to spill his details and those of his sisters. He gave me 10$ to exploit the details of his mother in law, too.
Account abandoned.