Poor Website and App Security Responsible for Data Leak at Indane Gas

2019, Breaches, February

Who: Indane Gas

# of Accounts Breached: Could reach 6.7 million customers

When it happened: February 19, 2019

What happened: Insecure website and app code allowed data to leak from IndaneGas.

How it happened: This time, India’s state-owned gas company Indane left exposed a part of its website for dealers and distributors, even though it’s only supposed to be accessible with a valid username and password. But the part of the site was indexed in Google, allowing anyone to bypass the login page altogether and gain unfettered access to the dealer database. The data was found by a security researcher who asked to remain anonymous for fear of retribution from the Indian authorities. Data exposed included: Aadhaar numbers, which is similar to Social Security Numbers, contain personal information of citizens

Outcome: Aadhaar’s regulator, the Unique Identification Authority of India (UIDAI), is known to quickly dismiss reports of data breaches or exposures, calling critical news articles “fake news,” and threatening legal action and filing police complaints against journalists.