India's national ID database has been hit by yet another major security lapse.
Known as Aadhaar, the government ID database is packed with identity and biometric information -- like fingerprints and iris scans -- on more than 1.1 billion registered Indian citizens, official figures show. Anyone in the database can use their data -- or their thumbprint -- to open a bank account, buy a cellular SIM card, enroll in utilities, and even receive state aid or financial assistance. Even companies, like Amazon and Uber, can tap into the Aadhaar database to identify their customers.
Enrolling in the database isn't mandatory, but Indian citizens who aren't subscribed are unable to access even basic government services. Other countries are set to follow India's lead.
But the system has been dogged with security problems -- including, according to India's Tribune, a data breach. India's ruling Bharatiya Janata political party later called the report "fake news."
Now, the database is leaking information on every Aadhaar holder, a security researcher has told ZDNet.
A data leak on a system run by a state-owned utility company can allow anyone to download private information on all Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and information about services they are connected to, such as their bank details and other private information.
Karan Saini, a New Delhi-based security researcher who found the vulnerable endpoint, said that anyone with an Aadhaar number is affected.
Yet the Indian authorities have done nothing to fix