The Indian state government has fixed security issues impacting its website that exposed the sensitive documents and personal information of millions of residents.
The bugs existed on the Rajasthan government website related to Jan Aadhaar, a state program to provide a single identifier to families and individuals in the state to access welfare schemes.
The bugs exposed the copies of Aadhaar cards, birth and marriage certificates, electricity bills and income statements related to registrants, as well as personal information such as their date of birth, gender and father’s name.
Security researcher Viktor Markopoulos, working for cybersecurity company CloudDefense.ai, found the bugs in the Jan Aadhaar portal in December and asked TechCrunch for help in disclosing to the authorities.