Personal data leakage in India

Security researcher Elliot Alderson received a communication from one of his followers on his Twitter account (@fs0c131y) about the existence of a vulnerability affecting the Indian gas company Indane, which allegedly exposed the personal data of more than 6.7 million users.

Among the filtered data are: telephone numbers, addresses and the Aadhar number (equivalent to the Spanish DNI which also includes biometric parameters for identification).

The researcher duly analysed the vulnerability and communicated it to the gas company on 15 February 2019.