Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Tuesday January 09 2018, @09:58PM   Printer-friendly
from the I'd-buy-that-for-a-dollar dept.

The Aadhaar biometric database covering over 99% of the adult population in India has been compromised and its contents are now for sale. Full personal details on around 1 billion adult citizens of India, including several biometrics, are available for $8.

takyon: $8 per individual.


Original Submission

Related Stories

Newspaper, Journalist under Criminal Investigation for India Database Breach Story 5 comments

The Indian Express reports that a FIR (First Information Report) has been filed, and a criminal investigation has begun, against the newspaper and reporter who published a story about theft of data from Aadhaar, India's national identity system:

A deputy director of the Unique Identification Authority of India (UIDAI) has registered an FIR against The Tribune newspaper and its reporter Rachna Khaira following her report on how anonymous sellers over WhatsApp were allegedly providing access to Aadhaar numbers for a fee. [Ed Note: The UIDAI has denied that any breach of the biometric database took place. See below.]

The FIR also names Anil Kumar, Sunil Kumar and Raj, all of whom were mentioned in The Tribune report as people Khaira contacted in the course of her reporting.

Joint Commissioner of Police (Crime Branch) Alok Kumar confirmed that an FIR had been registered and an investigation launched. The FIR has been lodged with the Crime Branch's cyber cell under IPC Sections 419 (punishment for cheating by impersonation), 420 (cheating), 468 (forgery) and 471 (using as genuine a forged document), as well Section 66 of the IT Act and Section 36/37 of the Aadhaar Act.

The UIDAI issued a press release (PDF) (Internet Archive link) about the FIR, in which it denies that the biometric database was breached:

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 3, Interesting) by MostCynical on Tuesday January 09 2018, @10:11PM (7 children)

    by MostCynical (2589) on Tuesday January 09 2018, @10:11PM (#620239) Journal
    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
    • (Score: 5, Interesting) by bob_super on Tuesday January 09 2018, @10:19PM

      by bob_super (1357) on Tuesday January 09 2018, @10:19PM (#620241)

      Offer and demand. Databases of Americans' private data get breached every other day.
      And when it comes to credit cards, Americans have a much higher turnover, so the numbers are more likely to be obsolete,

    • (Score: 4, Interesting) by takyon on Tuesday January 09 2018, @10:20PM (5 children)

      by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Tuesday January 09 2018, @10:20PM (#620242) Journal

      The inclusion of the biometric data could make this database a little more unique and valuable than most.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 2) by The Mighty Buzzard on Tuesday January 09 2018, @11:31PM (4 children)

        by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Tuesday January 09 2018, @11:31PM (#620264) Homepage Journal

        Eight bucks a pop for a chick's digits? That's not much of a bargain unless you're damned ugly and lack anything approaching charm.

        --
        My rights don't end where your fear begins.
        • (Score: 0) by Anonymous Coward on Tuesday January 09 2018, @11:38PM (1 child)

          by Anonymous Coward on Tuesday January 09 2018, @11:38PM (#620268)

          So says buzzy the charm nozzle.

        • (Score: 3, Funny) by takyon on Wednesday January 10 2018, @12:13AM

          by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Wednesday January 10 2018, @12:13AM (#620275) Journal

          Great for stalking though.

          At least they didn't collect DNA samples.

          --
          [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
        • (Score: 1, Touché) by Anonymous Coward on Wednesday January 10 2018, @10:23AM

          by Anonymous Coward on Wednesday January 10 2018, @10:23AM (#620420)

          Eight bucks a pop for a chick's digits? That's not much of a bargain unless you're damned ugly and lack anything approaching charm.

          In my neighborhood having $8 means I have plenty of charm.

  • (Score: 2, Funny) by Anonymous Coward on Tuesday January 09 2018, @10:39PM (2 children)

    by Anonymous Coward on Tuesday January 09 2018, @10:39PM (#620246)

    Name: Shkjhksjhfdui "Doug" Patel
    Profession: IT Contractor
    Education: Masters
    Eyes: Brown
    Complexion: Brown
    Hair: Black
    Height: 5' 3"
    Shits in the street: Yes

    • (Score: 1, Funny) by Anonymous Coward on Tuesday January 09 2018, @10:54PM (1 child)

      by Anonymous Coward on Tuesday January 09 2018, @10:54PM (#620250)

      Education: "Masters"

      FTFY

      • (Score: 2, Touché) by Anonymous Coward on Wednesday January 10 2018, @12:30AM

        by Anonymous Coward on Wednesday January 10 2018, @12:30AM (#620278)

        Education: "Stackoverflow"
        FTFYx2

  • (Score: 2) by Mykl on Tuesday January 09 2018, @10:48PM (4 children)

    by Mykl (1112) on Tuesday January 09 2018, @10:48PM (#620248)

    It's hardly surprising that these leaks continue to happen weekly. All it takes is one or two bad actors in the right position (which is usually not that high up).

    It's why I've been avoiding iCloud for my Apple devices - eventually that nut will be cracked and it will be open season on everyone's data. Unfortunately, Apple seems to be trying as hard as possible to push everyone onto it (just discovered after a recent update that I can no longer sync photos from the Photos app to iPhone via iTunes sync).

    • (Score: 0) by Anonymous Coward on Tuesday January 09 2018, @11:11PM (1 child)

      by Anonymous Coward on Tuesday January 09 2018, @11:11PM (#620259)
      Why then to use a device that doesn't fit your needs? Apple has no control over me, for example... I do not care about their (or anyone else's) fantasies about the almighty Cloud.
      • (Score: 2) by Mykl on Tuesday January 09 2018, @11:56PM

        by Mykl (1112) on Tuesday January 09 2018, @11:56PM (#620272)

        Because, while it no longer fits my needs on this particular item, Apple devices fit my needs better than Android on the whole.

        Yes, I'm aware of the restrictions I've signed up to. No, I'm not prepared to spend the time and energy rolling my own solution. Any spare time I have goes to other pursuits (the kids, wife, a bit of time for my hobbies).

    • (Score: 4, Insightful) by pipedwho on Tuesday January 09 2018, @11:57PM

      by pipedwho (2032) on Tuesday January 09 2018, @11:57PM (#620273)

      Apple is probably a bad example of this as they (ie. the company and therefore the employees) don't have access to your iCloud data (beyond the usual sign up details, name, credit card, etc). They intentionally use HSMs for all the crypto keys in a way that allows only your devices to decrypt the data which theoretically prevents en masse compromises. Now, of course, if some of the crypto primitives 'fail' (ie. someone discovers an exploitable weakness in AES, ECC, cryptographic modes, or hardware based random number generators), then everyone on iCloud might be in a world of hurt. But if that happens, the hurt is going to go far beyond Apple and problems with exposed iCloud data.

      Of course, if someone gets your iCloud password, then you have a problem. But, that is different from the database compromise described in the article where the entire dataset (or large batches of it) are exposed by a single attack.

      Large searchable databases full of sensitive and identifiable information are an extremely bad idea for privacy reasons.

    • (Score: 0) by Anonymous Coward on Wednesday January 10 2018, @06:19AM

      by Anonymous Coward on Wednesday January 10 2018, @06:19AM (#620362)

      You don't have to give Apple your real name or anything. You should know the routine.

  • (Score: 2) by PinkyGigglebrain on Tuesday January 09 2018, @11:54PM (1 child)

    by PinkyGigglebrain (4458) on Tuesday January 09 2018, @11:54PM (#620271)

    That certainly didn't take long :/

    OK, who won the pool?

    --
    "Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
    • (Score: 0) by Anonymous Coward on Wednesday January 10 2018, @01:05AM

      by Anonymous Coward on Wednesday January 10 2018, @01:05AM (#620287)

      2017 - Year of the Data Breach
      2018 - Year of the Biometric Data Breach

  • (Score: 1, Flamebait) by Bot on Wednesday January 10 2018, @02:23AM

    by Bot (3902) on Wednesday January 10 2018, @02:23AM (#620312) Journal

    With 6$ i got an Indian to spill his details and those of his sisters. He gave me 10$ to exploit the details of his mother in law, too.

    --
    Account abandoned.
(1)