- India’s Aadhaar digital ID system experienced a massive data breach exposing 815 million citizen records.
- Sensitive data including names, addresses, biometric details, and health records were leaked and sold on the Dark Web for about $80,000.
- Hackers exploited unpatched software vulnerabilities, bypassing biometric security like iris scans and fingerprints.
- Government websites allowed unregulated access to Aadhaar data via unsecured APIs, violating legal protections.
- This breach is one of the largest in India’s digital identity history, raising ongoing concerns about identity theft and fraud risks.
India’s Aadhaar digital identification system has suffered a significant security breach, resulting in the leak of 815 million records. The exposed data was sold on the Dark Web for roughly $80,000. The breach involved a hack of the Indian Council of Medical Research (ICMR) database, which provided unauthorized access to Aadhaar details through software weaknesses in the centralized ID system.
The leaked information includes sensitive personal records such as names, addresses, phone numbers, passport numbers, gender, and district data. Health-related details, including vaccination histories and COVID-19 test results, were also compromised. This incident marks one of the largest data breaches linked to the Aadhaar system to date.
Investigators found that Hackers used low-cost exploitable software patches priced around $35 to sidestep biometric safeguards. These patches disabled iris scan and fingerprint checks required for new enrolments, allowing fraudulent generation of Aadhaar numbers from any location. Additionally, government websites gave unrestricted API (application programming interface) access, enabling anyone with basic personal information to retrieve Aadhaar records, breaching the Aadhaar Act’s privacy rules.
By 2024, these 815 million records were openly traded on Dark Web forums alongside other stolen materials. The low sale price makes the data highly accessible to criminals for identity theft, financial scams, and phishing schemes. Earlier incidents include a 2018 case where a journalist purchased entire Aadhaar databases cheaply via messaging apps, and multiple government sites mistakenly published Aadhaar numbers openly.
The breach reveals deep vulnerabilities in India’s central biometric ID infrastructure, exposing millions to long-term risks of fraud and privacy violations. The Dark Web sale and ongoing security failures illustrate serious challenges in protecting citizen data within the digital ID framework.
For more details on the security issues, see this report from The Guardian and analysis at Open Democracy.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Palantir Q3 Beats Estimates, PLTR Stock Dips 4.3% After-Hours
- U.S. Calls Delta-Aeromexico Joint Venture “Legalized Collusion”
- FTSE Russell Publishes Global Indices On-Chain via Chainlink
- CalPERS, Major U.S. Funds to Vote Against Musk’s $1T Tesla Pay Plan
- Cipher Mining Soars 32% on $5.5B Amazon AI Hosting Deal
