In a tragicomic incident, former Unique Identification Authority of India (UIDAI) Director General, and current TRAI Chairman Ram Sewak Sharma shared his Aadhaar card number on Twitter challenging users to show him one concrete example where they can do any harm to him by using the number. Accepting the challenge, several ethical hackers returned with his personal information, including his phone number, email ID, PAN number, alternate email IDs and even his Air India’s Frequent Flyer number. The hackers didn’t stop there and deposited Re 1 in his bank account, showing that they even managed to get his banking details through his Aadhaar number. In response to the trolling on social media, the government said that no data has been fetched by any hacker and the Aadhaar database is safe.
The incident started off on July 18 when when Sharma, replying to a twitter user @kingslyj, saying, “My Aadhaar number is 762177682740. Now I give this challenge to you: Show me one concrete example where you can do any harm to me!” After he tweeted, ethical hacker Elliot Alderson, posted his phone number. The hacker also posted a photo of his wife and daughter, his personal address, date of birth, an alternate phone number, and PAN card number. Another person @DeanOfJio tweeted Sharma’s alternate email ID and said his gmail ID and yahoo ID are connected to each other. He also posted the TRAI chief’s Air India’s Frequent Flyer number and a screenshot of a chat session with the airlines.
A third twitter users, who goes by the name @enggdhiman, made Sharma’s Fake Aadhaar card and claimed that he has uploaded it to Facebook and Amazon Cloud Services, and both of them have accepted the card as the proof of his identity. The scenario did not end here. Another user claimed that he has ordered a OnePlus 6 smartphone from Amazon using his address and phone number and has made it a Cash On Delivery order. “Please pay money accept my gift,” he posted.
Meanwhile, the government has said, “No data could be fetched by any hacker from either UIDAI or any other website using TRAI Chairman Ram Sewak Sharma’s Aadhaar number which he had voluntarily disclosed on Twitter.
The officials told ET that one hacker had tweeted that he has got Sharma’s personal details by hacking Aadhaar data base- for cheap publicity. “Instead he fetched his personal details from different sources and claimed that he got it from Aadhaar data base. He fetched his mobile number from NIC website. Sharma was once Secretary IT and hence head of NIC.
“They got his date of birth from Civil List of IAS Officers which is kept in public domain. He got his address from TRAI Website because he is TRAI Chairman right now…got his email id from IIT Delhi alumni portal which is also in public domain. Using his mobile number they got his Whatsapp and downloaded his profile photo. They clubbed all these inputs and claimed that they have managed to breach Aadhaar database and get his personal details,” senior government officials told the national daily.
Legitimate or not, hackers posting personal details of an Indian bureaucrat is surely a concerning problem of the emerging digital world. Although some people might find the whole incident hilarious, there is a dark undertone to it when you think about the security of the Aadhaar scheme. No data is safe and information about you can be revealed or used against you. It is advised that people do not share sensitive information in the public domain.
For the background, Ram Sewak Sharma is an Indian bureaucrat and currently, Chairman of the Telecom Regulatory Authority of India (TRAI). He served as the Director General of UIDAI (2009–2013), which is an agency of the Indian government responsible for implementing the Aadhaar scheme, that aims to provide a unique identification number for all residents of India.
In January, the UIDAI had introduced a 'Virtual ID' (VID) to safeguard the data of Aadhaar cardholders. A Virtual ID, or VID, is randomly-generated 16-digit number which can be used for authentication instead of the original Aadhaar number. According to the UIDAI, VID will be a temporary and revocable number which is mapped with the Aadhaar number. It will not be possible to derive Aadhaar number from VID and it will strengthen the security of the cardholders’ details.
Now banks and government departments have till the end of July to upgrade their systems to process the 16-digit VID as an alternate to Aadhaar numbers. The UIDAI has already begun levying a charge of 20 paise per transaction for telecom and e-sign generating companies that have not implemented the new system from its earlier deadline, that is, July 1. The authority will reverse the charges if these firms comply by July-end.