A recent revelation on a Reddit thread has highlighted the significant
Who is to blame?
As one redditor pointed out, the primary reason for these leaks isn’t just the Most of the leaked documents were photographs of the IDs. This is because Indians tend to share their Aadhar rather indiscriminately and organisations, including schools, colleges, corporate offices and government agencies, store personal data without adequate safeguards.
Without appropriate data protection measures, such as securing their databases, encrypting sensitive information or using password-protected directories, our personal documents end up getting exposed on the internet, making them easily accessible through search engines like Google. A simple search query like "index of
Hackers and cybercriminals exploit these vulnerabilities to gain unauthorised access to such data. In some cases, as seen with the recent data breach involving the records of 81.5 crore Indians, threat actors actively target poorly secured databases and leak this information on darknet forums for monetary gains.
What is the solution?
Search engines like Google are wired to index everything on the internet that they can get their hands on. And so, web developers must manually disable indexing to protect sensitive documents, a redditor commented. Another suggested that the Information Technology Act, 2000 was outdated and needed to be tweaked to suit current-day technology.In the meantime, organisations should encrypt sensitive data, ensuring that even if unauthorised access occurs, the information remains protected. Web developers must use HTTPS and ensure that directories containing sensitive information are password-protected. Implementing firewalls and regularly updating software can also prevent security breaches.
Employees should be trained on data privacy and the importance of handling sensitive information securely. They should be taught to recognise phishing scams and other potential threats.
Since regular people have no way of knowing for sure how safe their documents will be on a certain website, the best you can do is use masked ID (or) Virtual ID. These will reduce your risk of exposure to any said scams.
Implementing 2FA adds an extra layer of security to accounts, making it harder for cybercriminals to access them. You can ensure that your ID is linked with your phone number and mail such that if anyone accesses your Aadhar for verification, you get notified and you may raise a complaint against authentication of aadhar.
The recent data breaches in India are a wake-up call for both individuals and organisations to take data security seriously. With the right preventive measures and increased awareness, we can minimise the risk of such sensitive information falling into the wrong hands.