LPG Gas Company Leaked Aadhaar numbers 6.7 Million Indian Customers

gas company leaked aadhaarThis time, India’s state-owned LPG Gas Company Leaked Aadhaar numbers 6.7 Million Indian Customers.due to a lack of authentication in the local dealers portal, Indane is leaking the names, addresses and the Aadhaar numbers of their customers.

Baptiste Robert, a French security researcher who goes by the pseudonym “Elliot Alderson” on Twitter, has prior experience investigating Aadhaar exposures with help of an Indian researcher. who using a custom-built script to scrape the database to the official website LPG Gas Company Leaked Aadhaar numbers 6.7 Million Indian Customers is leaking personal details, including their Aadhaar numbers and also he found 11,000 data Indane dealers.

This is the latest security lapse when an unprotected third-party database has leaked, India’s biometric identification programme defended by the government’s Unique Identification Authority of India (UIDAI). Aadhaar details of Indian citizens Last year, the gas company also found leaking data with a direct connection to Aadhaar’s database.

Baptiste Robert wrote in a blog post on Medium late Monday, Due to a lack of authentication in the local dealers portal, Indane is leaking the names, addresses and the Aadhaar numbers of their customers,”.

Baptiste Robert, who earlier expanded fame for flashing numerous Aadhaar-related leaks and protection faults in India’s state-owned LPG Gas Company.

Security Lapse Has Exposed Millions of Aadhaar Details.

researchers found that critics can actually fetch 6.7 millions of Indian customer data from the LPG Gas Company official website, like dealer’s username and password, which he next located using another vulnerability in the Indane’s LPG Gas official mobile app to find 11,062 valid dealer IDs, out of which he used 9490 IDs against the online dealers.

After a few minutes, I wrote this python script. By running this script, it gives us 11062 valid dealer ids. After more than 1 day, my script tested 9490 dealers and found that a total of 5,826,116 Indane customers are affected by this leak.
gas company leaked aadhaar

Baptiste Robert says, Unfortunately, Indane probably blocked my IP, so I didn’t test the remaining 1572 dealers. By doing some basic math we can estimate the final number of affected customers around 6,791,200.

 Indane has 11062 dealers
– Total number of the affected customer is around 6,791,200

LPG Gas Company tried to defend Aadhaar and the Indian Government by saying:

“IndianOil in its software captures only the Aadhaar number which is required for LPG subsidy transfer. No other Aadhgaaar related details are captured by IndianOil. Therefore, leakage of Aadhaar data is not possible through us.”
“In the past, Oil Marketing Companies on time to time basis were hosting the consumption of subsidized LPG refills by consumers, multiple connections list having customer information like consumer number, name, LPG ID and address, in public domain (transparency portal) in their respective websites which were available for social audits.”