Personal Data of a Billion Indians Sold Online For $8, Report Claims (theguardian.com)

← Back to Stories (view on slashdot.org)

Personal Data of a Billion Indians Sold Online For $8, Report Claims (theguardian.com)

Posted by msmash on Thursday January 4, 2018 @05:23AM from the security-woes dept.

Michael Safi, reporting for The Guardian: The personal information of more than a billion Indians stored in the world's largest biometric database can be bought online for less than $8, according to an investigation by an Indian newspaper. The reported breach is the latest in a series of alleged leaks from the Aadhaar database, which has been collecting the photographs, thumbprints, retina scans and other identifying details of every Indian citizen. The report in the Chandigarh-based Tribune newspaper claimed that software is also being sold online that can generate fake Aadhaar cards, an identity document that is required to access a growing number of government services including free meals and subsidised grain. The Unique Identification Authority of India (UIDAI), which administers the Aadhaar system, said it appeared the newspaper had accessed only limited details through a search facility that had been made available to government officials.

74 comments

Min score:

Reason:

Sort:

Well, that's not very nice by Anonymous Coward · 2018-01-04 05:27 · Score: 0

What did the back of the invisible hand of the marketplace say to a billion Indians? SLAP!
1. Re:Well, that's not very nice by cayenne8 · 2018-01-04 06:38 · Score: 1
  
  Well, to be fair......isn't $8 the equivalent of about $2 Billion Rupees?
  ;)
  
  --
  Light travels faster than sound. This is why some people appear bright until you hear them speak.........
2. Re:Well, that's not very nice by ShanghaiBill · 2018-01-04 07:17 · Score: 1
  
  It is really stupid to design a system that depends on "security through obscurity". A billion person database was unlikely to ever remain secure, since hundreds of thousands of bureaucrats need access to it everyday. So the security of the system should not have been designed on the assumption that any of that information is confidential.
  Using biometric information is reasonable if it is done as an additional factor. It is not reasonable to rely on it as the only factor (except perhaps for very small transactions), and it is ever dumber to store the biometric data on the ID card itself, where it can be easily falsified.
  The real story here is not "data breach" but "dumb design".
3. Re:Well, that's not very nice by Anonymous Coward · 2018-01-04 08:45 · Score: 0
  
  $8 is 507 rupees.
4. Re: Well, that's not very nice by Anonymous Coward · 2018-01-04 08:48 · Score: 0
  
  Its ~520 rupees. But it will be 2 billion rupees if you calculate using hillbilly white trash maths.
5. Re:Well, that's not very nice by vtcodger · 2018-01-04 09:52 · Score: 1
  
  A billion person database was unlikely to ever remain secure, since hundreds of thousands of bureaucrats need access to it everyday.
  So, what's the largest data base that can be secured? 100 million entries? 10 million? 1 million? Maybe more like 10 entries? ... 5 entries? ... one?
  If you're correct -- and for all I know, you are dead on -- it does not bode well for our shiny new digital universe.
  
  --
  You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
6. Re: Well, that's not very nice by Anonymous Coward · 2018-01-04 22:24 · Score: 0
  
  Good to see that stooping to the level of the people who annoy you is still a much cherished pass time globally.
  Oh hey, I just participated too! Medals for everyone!
Intel by 110010001000 · 2018-01-04 05:29 · Score: 4, Funny

Thanks Intel.
1. Re:Intel by Anonymous Coward · 2018-01-09 04:13 · Score: 0
  
  Thanks Intel.
  So I guess this means Obama is finally off the hook?
Identity of a billion Indians worth only $8 by swb · 2018-01-04 05:29 · Score: 4, Funny

I'm trying to understand the price/value issue in play here.
1. Re:Identity of a billion Indians worth only $8 by Ayano · 2018-01-04 05:33 · Score: 1
  
  This both looks and sounds bad.
  
  --
  I don't read AC
2. Re:Identity of a billion Indians worth only $8 by Anonymous Coward · 2018-01-04 05:39 · Score: 0
  
  Well, it's pretty simple really. Indians aren't crazy spending consumers like North Americans... so they are perceived as having less value.
3. Re:Identity of a billion Indians worth only $8 by Anonymous Coward · 2018-01-04 05:51 · Score: 2, Insightful
  
  Maybe you will glean some insight into why facebook, microsoft, google, et al are so in favor of the H1-B programme
4. Re:Identity of a billion Indians worth only $8 by Anonymous Coward · 2018-01-04 06:01 · Score: 0
  
  I'm trying to understand the price/value issue in play here.
  $8 is 14 bazillion rupee.
5. Re:Identity of a billion Indians worth only $8 by Marxist+Hacker+42 · 2018-01-04 06:03 · Score: 0
  
  Average amount of a Hindu bank account. $8/1billion=$.00000008.
  
  --
  SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
6. Re:Identity of a billion Indians worth only $8 by Anonymous Coward · 2018-01-04 06:28 · Score: 0
  
  The system is used mostly for access to government services, which means most of the people are poor and the information may or may not allow someone to access anything other than government services.
  Basically, it is like stealing the personal information of the homeless and very poor here in the U.S. They have no credit and little to no money in the bank, assuming they have a bank account.
  The information has very little utility so very little value.
7. Re:Identity of a billion Indians worth only $8 by Anonymous Coward · 2018-01-04 06:31 · Score: 0
  
  The guy must have put a decimal point in the wrong place! How the fuck are hackers even making any money off this? To set this up on a website, host it, and deal with cryptocurrency transaction fees they've got to be operating at a loss. Is it ad supported?
8. Re:Identity of a billion Indians worth only $8 by Anonymous Coward · 2018-01-04 06:55 · Score: 0
  
  Average amount of a Hindu bank account. $8/1billion=$.00000008.
  Hindu is a religion. Indian does not equal Hindu. Hindus living in the U.S. are likely to have larger incomes (and hence bigger bank account balances) than people of most other faiths: http://www.pewresearch.org/fac...
9. Re:Identity of a billion Indians worth only $8 by EvilSS · 2018-01-04 07:22 · Score: 2
  
  Probably supply vs demand. Either there isn't much demand for it, or it's way too easy to get from other sources to be valuable.
  
  --
  I browse on +1 so AC's need not respond, I won't see it.
10. Re:Identity of a billion Indians worth only $8 by ShanghaiBill · 2018-01-04 07:22 · Score: 2
  
  I'm trying to understand the price/value issue in play here.
  Most likely the database is available from more than one seller, and competitive pressure is pushing the price down to near the marginal cost of providing the goods.
  This is indicative of a properly functioning free market.
11. Re:Identity of a billion Indians worth only $8 by nukenerd · 2018-01-04 08:05 · Score: 1
  
  I'm trying to understand the price/value issue in play here.
  You read it right : a billion Indians are worth $8
12. Re:Identity of a billion Indians worth only $8 by Marxist+Hacker+42 · 2018-01-04 08:42 · Score: 1
  
  But average them out worldwide, they're a LOT poorer. It's only the rich ones who are able to emigrate.
  
  --
  SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
13. Re:Identity of a billion Indians worth only $8 by ArchieBunker · 2018-01-04 08:50 · Score: 0
  
  The country is a literal shit hole.
  
  --
  Only the State obtains its revenue by coercion. - Murray Rothbard
14. Re: Identity of a billion Indians worth only $8 by Anonymous Coward · 2018-01-04 08:53 · Score: 0
  
  Thats because over the years white men have looted India again and again.
15. Re:Identity of a billion Indians worth only $8 by gnick · 2018-01-04 08:59 · Score: 1
  
  I think AC was suggesting that being Indian affects your income more than being Hindu. I'd like to think that being Hindu has little to do with it. The numbers AC linked to seem to support that.
  
  --
  He's getting rather old, but he's a good mouse.
16. Re:Identity of a billion Indians worth only $8 by Anonymous Coward · 2018-01-04 09:16 · Score: 0
  
  But average them out worldwide, they're a LOT poorer. It's only the rich ones who are able to emigrate.
  It's not just the rich ones. It's more the highly educated ones that are able to emigrate. This is why they are disproportionately successful in the U.S.
17. Re: Identity of a billion Indians worth only $8 by vtcodger · 2018-01-04 10:05 · Score: 1
  
  India has been independent for 70 years. From what I've read of Vikas Swarup (Q&A,Six Suspects) and the tales of acquaintances who have worked there , the Indians managed the transition from looting by Europeans to domestically managed looting quickly and seamlessly.
  
  --
  You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
18. Re:Identity of a billion Indians worth only $8 by Anonymous Coward · 2018-01-04 17:28 · Score: 0
  
  I'm trying to understand the price/value issue in play here.
  Especially when all Indians look alike to me....
19. Re: Identity of a billion Indians worth only $8 by Anonymous Coward · 2018-01-05 04:10 · Score: 0
  
  Absolutely. Think how peaceful and prosperous this world would be without the white man!
Globalization is Great by Anonymous Coward · 2018-01-04 05:33 · Score: 0

A billion coders for $8. Beat that rate, old gray loserbeards. America is shit for tech. India fucking owns you.
1. Re:Globalization is Great by NoNonAlphaCharsHere · 2018-01-04 05:56 · Score: 1
  
  Unless, of course, you want to ship (more or less on time) a product that actually works, indeed, does anything at all besides print stack dumps. Meanwhile, you'll still be on the phone at 7:30 P.M. going "No, no, a hydrogen atom is one proton and one electron...".
2. Re:Globalization is Great by Anonymous Coward · 2018-01-04 06:17 · Score: 0
  
  print stack dumps.
  Our company's product is a debugger.
3. Re:Globalization is Great by Anonymous Coward · 2018-01-04 07:13 · Score: 0
  
  print stack dumps.
  Our company's product is a debugger.
  Yes, but you're supposed to print the stack dump of the program you want to analyze, not that of the debugger itself!
4. Re:Globalization is Great by Anonymous Coward · 2018-01-04 09:23 · Score: 0
  
  Yes, but at least I am the smartest proton in that hydrogen atom. Wait...
5. Re:Globalization is Great by NoNonAlphaCharsHere · 2018-01-04 10:42 · Score: 1
  
  No, I mean you have to explain every fucking thing,usually from first principles.
My offer is $3 by JoeyRox · 2018-01-04 05:34 · Score: 1

And I want a large Cherry Slurpee included as well.
1. Re:My offer is $3 by Anonymous Coward · 2018-01-04 05:42 · Score: 1
  
  Yes sir you will receive the needful.
2. Re:My offer is $3 by Anonymous Coward · 2018-01-04 06:02 · Score: 0
  
  But only after you restart your computer, unplug and plug every cord, watch as they move the mouse around on your screen and accidently click on the wrong button because of lag, and 8 hours later, you are barely better off than you were before. Aka now your printer works, but you get every HP popup known to man because we can't just install the basic driver that was already downloaded....
A fine example. by Gravis+Zero · 2018-01-04 05:36 · Score: 1

This is a good example of what happens when you fail to invest in strong security. I'm not talking just about getting hacked, I'm also talking about employees walking off with your data and selling it. The ability to access this information should have been heavily scrutinized and limited. I'm guessing India had an amateur hour setup and has no way of tracking how this information was even taken.

--
Anons need not reply. Questions end with a question mark.
1. Re:A fine example. by Archangel+Michael · 2018-01-04 05:47 · Score: 3, Interesting
  
  It isn't the security that is the problem, it is that we accept, blindly, that people are who they say they are. Until we assign fraud back to the lenders, credit providers, and the aggregators of such information, and not the individuals who are being spoofed by hacks such as this, we won't actually solve the problem.
  But this is done by design and will never change.
  
  --
  Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
2. Re:A fine example. by cascadingstylesheet · 2018-01-04 06:17 · Score: 1
  
  I'm guessing India had an amateur hour setup and has no way of tracking how this information was even taken.
  Maybe they outsourced it {rimshot}
3. Re: A fine example. by Anonymous Coward · 2018-01-04 06:49 · Score: 0
  
  Sorry dude, but I know you are a liar and a fraud, the problem isn't on my end, it's your tedious insistence on being deceitful.
4. Re:A fine example. by ShanghaiBill · 2018-01-04 07:30 · Score: 1
  
  Indeed. A system that allows anyone to take out a loan in my name by reciting the last four digits of my SSN is not secure. Nor is a system that allows a thief to use a stolen credit card as long as he knows the 3 digit CVV code that is printed directly on the back of the card.
Nobody could have predicted, etc. by Anonymous Coward · 2018-01-04 05:38 · Score: 0

Or maybe this is not at all surprising to those of us that aren't in love with "progress" and "innovation" for its own sake.
Billions Sold by Anonymous Coward · 2018-01-04 05:41 · Score: 0

Additional billions, only $5 each.
These leads are weak by Anonymous Coward · 2018-01-04 05:44 · Score: 0

"Patel"? "Ravadem Patel"? Wh—how'm I gonna make a living on these dead-beats? Where'd you get this from, the morgue?
1. Re:These leads are weak by Anonymous Coward · 2018-01-04 05:57 · Score: 0
  
  "Rama Rama Ding Dong"?
2. Re:These leads are weak by Anonymous Coward · 2018-01-04 06:27 · Score: 0
  
  "Rama Lama Ding Dong"?
  FTFY.
3. Re:These leads are weak by Anonymous Coward · 2018-01-04 06:43 · Score: 0
  
  "Rama Lama Ding Dong"?
  What do you get when the Dalai Lama drives up in a Dodge pickup and rings your doorbell?
But 8 $ is worth a lot there... by 140Mandak262Jamuna · 2018-01-04 05:51 · Score: 1

Based on the purchase power parity calculation and using the McDonald Burger index, 8 USD works out to several billion Indian Rupees.

--
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
1. Re: But 8 $ is worth a lot there... by Anonymous Coward · 2018-01-04 06:08 · Score: 0
  
  How many American football fields does that come out to? Asking for an American friend. ;)
Should have at least demanded $60... by Anonymous Coward · 2018-01-04 06:13 · Score: 0

For his and hers cell phones.
I mean if you are going to be corrupt, you have to at least be corrupt in style.
Hello I am from India Tech Support by zifn4b · 2018-01-04 06:14 · Score: 1

Hello, my name is Sanjay and I am with the India State Tech Support Agency. I have received a notification from your computer that it has encountered a problem that needs to be fixed. If you will please give me your credit card information, I will help you fix your computer. Thank you for your cooperation and I'm sorry for the inconvenience this computer problem has caused you.
Seriously, it's about time the love got spread around to India to see how they like being scammed.

--
We'll make great pets
1. Re:Hello I am from India Tech Support by war4peace · 2018-01-04 06:19 · Score: 1
  
  It's part of their culture. Believe me, they know very well. Well enough to teach you a few things :)
  
  --
  ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
2. Re:Hello I am from India Tech Support by CrashNBrn · 2018-01-04 06:25 · Score: 1
  
  I'm sure you meant Bob.
3. Re:Hello I am from India Tech Support by zifn4b · 2018-01-04 06:34 · Score: 1
  
  I'm sure you meant Bob.
  I believe you're thinking of Rachel from Card Services
  
  --
  We'll make great pets
Insourcing! by TimMD909 · 2018-01-04 06:23 · Score: 1

At least the Indians can't blame their security on the incompetence of IT outsourced to a foreign country with a reputation for substandard software...
So... there's absolutely no way this'll become political, right? I look forward to the calm and rational discussion that'll we'll be having here on Slashdot...
1. Re:Insourcing! by Anonymous Coward · 2018-01-04 09:39 · Score: 0
  
  I look forward to the calm and rational discussion that'll we'll be having here on Slashdot...
  You must be new here...... ;)
Re: But 8 $ is worth a lot there... by nnet · 2018-01-04 06:30 · Score: 1

0.61, and 1.25 downs.
Please help me figure this out.. by Anonymous Coward · 2018-01-04 06:42 · Score: 0

I'm trying to reconcile this against the people that say UBI should be a thing because the big data companies are making a killing off your data. When your data is only worth $.00000008, how does one expect UBI to be feasible?
1. Re:Please help me figure this out.. by gnick · 2018-01-04 09:50 · Score: 1
  
  ...UBI should be a thing because the big data companies are making a killing off your data.
  WTF does UBI have to do with "big data company" profits? They're not TOTALLY unrelated because they both involve money, but that's the end of the connection I see.
  
  When your data is only worth $.00000008, how does one expect UBI to be feasible?
  Because nobody's suggesting that we fund UBI with personal data sales. Are they?
  
  --
  He's getting rather old, but he's a good mouse.
Yes, I'm sure this is important but... by JudgeFurious · 2018-01-04 06:43 · Score: 1

The real question we all want an answer to is how many Bothans died to bring us this $8 worth of information

--
Appended to the end of comments you post. 120 chars.
A preview of things to come for all of us by Anonymous Coward · 2018-01-04 07:04 · Score: 0

This isn't about technical flaws in microprocessors, or software, or even incompetence in data security. It's about how everyone has frittered away their privacy for the illusion of security, giving up their very much personal data, not safeguarding themselves, and allowing data to be stored by corporations and governments in the first place. The avalanche of data-theft has barely even begun and I don't think anything is going to stop it, now.
A billion? by Anonymous Coward · 2018-01-04 07:23 · Score: 0

I didn't think there were that many Indians left. They must be cleaning house with those casinos.
LOL!! They said EXACTLY THIS would happen a year a by Anonymous Coward · 2018-01-04 07:39 · Score: 0

February 14, 2017

In a bid to get more Indians to have a birth certificate or any sort of ID card, India announced Aadhaar project in 2009. At the time, there were more Indians without these ID cards than those with. As a result of this, much of the government funding for the citizens were disappearing before they could see them. But according to several security experts, lawyers, politicians and journalists, the government is using poor security practices, and this is exposing the biometrics data -- photo, name, address, fingerprint, iris info -- of people at risk. More than 1.1 billion people -- and 99 percent of all adults -- in India have enrolled themselves to the system. From a report:

"There are two fundamental flaws in Aadhaar: it is poorly designed, and it is being poorly verified," Member of Parliament and privacy advocate, Rajeev Chandrasekhar told Mashable India. Another issue with Aadhaar is, Chandrasekhar explains, there is no firm legislation to safeguard the privacy and rights of the billion people who have enrolled into the system. There's little a person whose Aadhaar data has been compromised could do. [...] "Aadhaar is remote, covert, and non-consensual," he told Mashable India, adding the existence of a central database of any kind, but especially in the context of the Aadhaar, and at the scale it is working is appalling. Abraham said fingerprint and iris data of a person can be stolen with little effort -- a "gummy bear" which sells for a few cents, can store one's fingerprint, while a high-resolution camera can capture one's iris data.
The report goes on to say that the Indian government is also not telling how the data is being shared with private companies.
not telling how the data is being shared
How the data is being shared: Thoroughly
And that's about all... by Anonymous Coward · 2018-01-04 08:22 · Score: 0

...it's worth, truthfully. *shrug*
Not a bad rate... by argStyopa · 2018-01-04 08:40 · Score: 1

...that's about double their net worth anyway.

--
-Styopa
Apu From The Quicky Mart. by Zorro · 2018-01-04 08:52 · Score: 1

Welcome! Would you like a Mango Slurpee with that data?
And they are all Microsoft Support Agents by Anonymous Coward · 2018-01-04 09:36 · Score: 0

And they are all Microsoft Support Agents waiting to fix your PC by cold calling you.
Indians arent worth much by Anonymous Coward · 2018-01-04 11:28 · Score: 0

supply and demand
no surprises there by Anonymous Coward · 2018-01-05 01:42 · Score: 0

Indian call centre staff frequently sell PII data of overseas companies. It's no surprise that those with access to the biometrics database also sell that data.
Huh? by Anonymous Coward · 2018-01-05 04:15 · Score: 0

As poor as India is, I would say that the buyer got ripped off!