After raising concerns over finding a large number of Aadhaar cards publicly online, French cyber-security researcher Robert Baptiste has revealed that the document can be accessed by means of a Google ‘dork’ search.
Dork is an advanced mechanism which narrows down search by using strings which indicate the type of file. Mr. Baptiste, who operates the Twitter handle Elliot Alderson, tweeted a screenshot of dork strings and keywords that can be used to view Aadhaar cards online.
Responding to questions from The Hindu , the cybersecurity expert said that Unique Identification Authority of India (UIDAI) should ensure that parties which handle Aadhaar cards should have in place strong security measures. He also said that the QR Code on Aadhaar cards could be scanned with Android apps.
“Hi @UIDAI and @ceo_uidai, it’s time for you to force your partners to handle #Aadhaar cards in a secure way. If you make a Google search query with one of this line you will find thousand of #Aadhaar card. @UIDAI: It’s time to admit that this is not OK and to work on a fix (sic),” he tweeted.
Though calls to the regional office in Hyderabad remained unanswered, it was on March 11 that the UIDAI took to Twitter to dismiss Mr. Baptiste’s tweets on the subject, though it did not name him.
“UIDAI has dismissed the reports as irresponsible, which appeared in a section of social and other media on security of Aadhaar system being questioned on account of a few Aadhaar cards reportedly put on the Internet by some unscrupulous elements. 1/n,” the verified UIDAI Twitter handle said.
It also pointed out that publication of Aadhaar details neither has a bearing on UIDAI, nor on Aadhaar security. It underscored that Aadhaar is like any other identity document and must not be treated confidential.
In another tweet, the UIDAI said, “If anybody unauthorisedly publishes someone’s personal information such as Aadhaar card, passport, mobile number, bank account number, his photograph, he can be sued for civil damages by the person whose privacy right is infringed. 6/n”. It signed off by reiterating that Aadhaar remains ‘safe’ and ‘secure’.