Indian fingers leaked to the web: an error in the e-District portal led to a large-scale data compromise

Carding 4 Carders

You don't need to be a hacker to get hold of any of your neighbor's documents.

An independent researcher in the field of digital security has reported a bug on the government website of the state of West Bengal in India. Thanks to the error, anyone could gain access to confidential identification documents of local residents and much other personal information.

Researcher Saurajit Majumder discovered a flaw in the e-District portal, which allows residents of the state to receive online services from the government, such as birth certificates, death certificates and other information.

Majumder stated that due to an error, it was possible to obtain land documents that contain records of the owners of a plot of land by guessing the sequential numbers of applications for obtaining these documents.

By accessing the application identification number, any user with an account in the e-District system could receive a copy of the ownership document. The data obtained in this way contained the names of people associated with the document, their photos, and even a complete set of fingerprints of both hands.


The documents also included government identification documents, including confidential AADHAAR numbers, which are part of India's national identification and biometrics database. These numbers are required to access banking services, mobile communications, and many government services.

Majumder reported the vulnerability to India's Computer Emergency Response Team, known as CERT-In, as well as to the government of West Bengal. Given its severity, the bug was fixed as soon as possible.

It is not yet known whether anyone else besides Majumder discovered this bug. Representatives of the West Bengal Government and CERT-In did not respond to requests for comment. The e-District website states that to date, the service has processed more than 17 million applications, but it is not known how many of them are related to ownership documents.

Local media outlets have also reported an increase in fraud in recent months involving the alleged theft of biometric information, which criminals then use to empty citizens' bank accounts.
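
The flaw described above comes down to a missing per-record authorization check on a guessable identifier. The following added example (not from the original post and not the e-District portal's code) contrasts the unchecked lookup with an ownership check, and flags accounts in a constructed access log that request many applications they do not own. The application numbers, account names, function names and threshold are assumptions made for illustration; a real portal would also need rules for staff roles.

```python
from collections import defaultdict

# Constructed sample data: application number -> owning account (all values hypothetical).
APPLICATIONS = {1001: "alice", 1002: "bob", 1003: "carol", 1004: "dave", 1005: "erin"}


class Forbidden(Exception):
    """Raised when the caller is not entitled to the requested application."""


def fetch_unchecked(user, app_id):
    # The flawed pattern described in the article: being logged in is the only condition.
    return f"document for application {app_id}"


def fetch_checked(user, app_id):
    # Object-level authorization: the record must belong to the caller.
    # Unknown and foreign ids raise the same error, so replies do not confirm which ids exist.
    if APPLICATIONS.get(app_id) != user:
        raise Forbidden(app_id)
    return f"document for application {app_id}"


def flag_enumeration(access_log, max_foreign=2):
    """Return accounts that requested more than max_foreign applications they do not own."""
    foreign = defaultdict(set)
    for user, app_id in access_log:
        if APPLICATIONS.get(app_id) != user:
            foreign[user].add(app_id)
    return sorted(u for u, ids in foreign.items() if len(ids) > max_foreign)


# Constructed access log: (account, requested application number).
SAMPLE_LOG = [
    ("alice", 1001), ("bob", 1002), ("mallory", 1001), ("mallory", 1002),
    ("mallory", 1003), ("mallory", 1004), ("carol", 1003), ("bob", 1001),
]

if __name__ == "__main__":
    print(fetch_checked("alice", 1001))
    print(flag_enumeration(SAMPLE_LOG))
```

The ownership check closes the hole on its own; the log review is a secondary control for spotting accounts that probe other people's records.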
 