Slashdot Mirror

← Back to Stories (view on slashdot.org)

Personal Data of a Billion Indians Sold Online For $8, Report Claims (theguardian.com)

Posted by msmash on from the security-woes dept.

Michael Safi, reporting for The Guardian: The personal information of more than a billion Indians stored in the world's largest biometric database can be bought online for less than $8, according to an investigation by an Indian newspaper. The reported breach is the latest in a series of alleged leaks from the Aadhaar database, which has been collecting the photographs, thumbprints, retina scans and other identifying details of every Indian citizen. The report in the Chandigarh-based Tribune newspaper claimed that software is also being sold online that can generate fake Aadhaar cards, an identity document that is required to access a growing number of government services including free meals and subsidised grain. The Unique Identification Authority of India (UIDAI), which administers the Aadhaar system, said it appeared the newspaper had accessed only limited details through a search facility that had been made available to government officials.

32 of 74 comments (clear)

  1. Intel by 110010001000 · · Score: 4, Funny

    Thanks Intel.

  2. Identity of a billion Indians worth only $8 by swb · · Score: 4, Funny

    I'm trying to understand the price/value issue in play here.

    1. Re:Identity of a billion Indians worth only $8 by Ayano · · Score: 1

      This both looks and sounds bad.

      --
      I don't read AC
    2. Re:Identity of a billion Indians worth only $8 by Anonymous Coward · · Score: 2, Insightful

      Maybe you will glean some insight into why facebook, microsoft, google, et al are so in favor of the H1-B programme

    3. Re:Identity of a billion Indians worth only $8 by EvilSS · · Score: 2

      Probably supply vs demand. Either there isn't much demand for it, or it's way too easy to get from other sources to be valuable.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    4. Re:Identity of a billion Indians worth only $8 by ShanghaiBill · · Score: 2

      I'm trying to understand the price/value issue in play here.

      Most likely the database is available from more than one seller, and competitive pressure is pushing the price down to near the marginal cost of providing the goods.

      This is indicative of a properly functioning free market.

    5. Re:Identity of a billion Indians worth only $8 by nukenerd · · Score: 1

      I'm trying to understand the price/value issue in play here.

      You read it right : a billion Indians are worth $8

    6. Re:Identity of a billion Indians worth only $8 by Marxist+Hacker+42 · · Score: 1

      But average them out worldwide, they're a LOT poorer. It's only the rich ones who are able to emigrate.

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    7. Re:Identity of a billion Indians worth only $8 by gnick · · Score: 1

      I think AC was suggesting that being Indian affects your income more than being Hindu. I'd like to think that being Hindu has little to do with it. The numbers AC linked to seem to support that.

      --
      He's getting rather old, but he's a good mouse.
    8. Re: Identity of a billion Indians worth only $8 by vtcodger · · Score: 1

      India has been independent for 70 years. From what I've read of Vikas Swarup (Q&A,Six Suspects) and the tales of acquaintances who have worked there , the Indians managed the transition from looting by Europeans to domestically managed looting quickly and seamlessly.

      --
      You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
  3. My offer is $3 by JoeyRox · · Score: 1

    And I want a large Cherry Slurpee included as well.

    1. Re:My offer is $3 by Anonymous Coward · · Score: 1

      Yes sir you will receive the needful.

  4. A fine example. by Gravis+Zero · · Score: 1

    This is a good example of what happens when you fail to invest in strong security. I'm not talking just about getting hacked, I'm also talking about employees walking off with your data and selling it. The ability to access this information should have been heavily scrutinized and limited. I'm guessing India had an amateur hour setup and has no way of tracking how this information was even taken.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:A fine example. by Archangel+Michael · · Score: 3, Interesting

      It isn't the security that is the problem, it is that we accept, blindly, that people are who they say they are. Until we assign fraud back to the lenders, credit providers, and the aggregators of such information, and not the individuals who are being spoofed by hacks such as this, we won't actually solve the problem.

      But this is done by design and will never change.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    2. Re:A fine example. by cascadingstylesheet · · Score: 1

      I'm guessing India had an amateur hour setup and has no way of tracking how this information was even taken.

      Maybe they outsourced it {rimshot}

    3. Re:A fine example. by ShanghaiBill · · Score: 1

      Indeed. A system that allows anyone to take out a loan in my name by reciting the last four digits of my SSN is not secure. Nor is a system that allows a thief to use a stolen credit card as long as he knows the 3 digit CVV code that is printed directly on the back of the card.

  5. But 8 $ is worth a lot there... by 140Mandak262Jamuna · · Score: 1

    Based on the purchase power parity calculation and using the McDonald Burger index, 8 USD works out to several billion Indian Rupees.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  6. Re:Globalization is Great by NoNonAlphaCharsHere · · Score: 1

    Unless, of course, you want to ship (more or less on time) a product that actually works, indeed, does anything at all besides print stack dumps. Meanwhile, you'll still be on the phone at 7:30 P.M. going "No, no, a hydrogen atom is one proton and one electron...".

  7. Hello I am from India Tech Support by zifn4b · · Score: 1

    Hello, my name is Sanjay and I am with the India State Tech Support Agency. I have received a notification from your computer that it has encountered a problem that needs to be fixed. If you will please give me your credit card information, I will help you fix your computer. Thank you for your cooperation and I'm sorry for the inconvenience this computer problem has caused you.

    Seriously, it's about time the love got spread around to India to see how they like being scammed.

    --
    We'll make great pets
    1. Re:Hello I am from India Tech Support by war4peace · · Score: 1

      It's part of their culture. Believe me, they know very well. Well enough to teach you a few things :)

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    2. Re:Hello I am from India Tech Support by CrashNBrn · · Score: 1

      I'm sure you meant Bob.

    3. Re:Hello I am from India Tech Support by zifn4b · · Score: 1

      I'm sure you meant Bob.

      I believe you're thinking of Rachel from Card Services

      --
      We'll make great pets
  8. Insourcing! by TimMD909 · · Score: 1

    At least the Indians can't blame their security on the incompetence of IT outsourced to a foreign country with a reputation for substandard software...

    So... there's absolutely no way this'll become political, right? I look forward to the calm and rational discussion that'll we'll be having here on Slashdot...

  9. Re: But 8 $ is worth a lot there... by nnet · · Score: 1

    0.61, and 1.25 downs.

  10. Re:Well, that's not very nice by cayenne8 · · Score: 1
    Well, to be fair......isn't $8 the equivalent of about $2 Billion Rupees?

    ;)

    --
    Light travels faster than sound. This is why some people appear bright until you hear them speak.........
  11. Yes, I'm sure this is important but... by JudgeFurious · · Score: 1

    The real question we all want an answer to is how many Bothans died to bring us this $8 worth of information

    --
    Appended to the end of comments you post. 120 chars.
  12. Re:Well, that's not very nice by ShanghaiBill · · Score: 1

    It is really stupid to design a system that depends on "security through obscurity". A billion person database was unlikely to ever remain secure, since hundreds of thousands of bureaucrats need access to it everyday. So the security of the system should not have been designed on the assumption that any of that information is confidential.

    Using biometric information is reasonable if it is done as an additional factor. It is not reasonable to rely on it as the only factor (except perhaps for very small transactions), and it is ever dumber to store the biometric data on the ID card itself, where it can be easily falsified.

    The real story here is not "data breach" but "dumb design".

  13. Not a bad rate... by argStyopa · · Score: 1

    ...that's about double their net worth anyway.

    --
    -Styopa
  14. Apu From The Quicky Mart. by Zorro · · Score: 1

    Welcome! Would you like a Mango Slurpee with that data?

  15. Re:Please help me figure this out.. by gnick · · Score: 1

    ...UBI should be a thing because the big data companies are making a killing off your data.

    WTF does UBI have to do with "big data company" profits? They're not TOTALLY unrelated because they both involve money, but that's the end of the connection I see.

    When your data is only worth $.00000008, how does one expect UBI to be feasible?

    Because nobody's suggesting that we fund UBI with personal data sales. Are they?

    --
    He's getting rather old, but he's a good mouse.
  16. Re:Well, that's not very nice by vtcodger · · Score: 1

    A billion person database was unlikely to ever remain secure, since hundreds of thousands of bureaucrats need access to it everyday.

    So, what's the largest data base that can be secured? 100 million entries? 10 million? 1 million? Maybe more like 10 entries? ... 5 entries? ... one?

    If you're correct -- and for all I know, you are dead on -- it does not bode well for our shiny new digital universe.

    --
    You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
  17. Re:Globalization is Great by NoNonAlphaCharsHere · · Score: 1

    No, I mean you have to explain every fucking thing,usually from first principles.