The Indian government’s ‘DigiLocker’ online cloud service reportedly had a critical authentication flaw that could have allowed hackers to access the personal data of 38 million (3.8 crore) users. That’s according to cyber-security researcher Ashish Gahlot, who says he discovered the vulnerability while analyzing the platform’s authentication mechanism.
Thankfully, both flaws are now said to have been fixed. Gahlot says he contacted the DigiLocker team with his findings on May 16th. While the OTP loophole was plugged just a couple of days later on May 18th, the PIN bypass vulnerability was fixed on June 1st.
The flaws in the DigiLocker system have now been fixed, but the developments still raise more questions about the security of government-run digital platforms in the country. While Aadhaar has suffered multiple security breaches since its inception, the recently open-sourced COVID-19 contact tracing app, Aarogya Setu, also reportedly has severe security loopholes that might jeopardize the privacy of unsuspecting users.