New Year attack: Hackers to leak Aadhaar data of 100 crore Indians?

Legion’s threats come amid increased scrutiny of UIDAI security even as the ID scheme is slated to play a prominent role in Digital India initiatives


Weeks after hacking into the social media accounts of prominent personalities, the “We are Legion” hacker group has threatened a New Year’s bombshell: a likely dump of Aadhaar data. The Unique Identification Authority of India (UIDAI) database contains the personal details of more than 100 crore Indians.

In an interview published on a blog, a group member(s) highlighted points of vulnerability on the UIDAI database. The member said the database had multiple points of entry and used the Zimbra collaborative software suite, which had faced security issues.

The group also warned that it had obtained the login credentials of more than 60,000 Indian accountants on the online file storage platform Dropbox. The data related to the accountants could be explosive, warned Legion, given the information related to rich clients.

As in the past, Legion warned that “chaos would ensue” if such data was released.

The revelations come weeks after Legion hacked the official Twitter accounts of Congress leader Rahul Gandhi and the Congress party, NDTV journalists Barkha Dutt and Ravish Kumar and fugitive businessman Vijay Mallya, among others. Following the incidents, Legion warned that it would target the email system used by parliamentarians.

While it is unclear if the group will indeed conduct a data dump, given its seemingly sensationalist approach in media interactions, the latest threat will lead to a renewed focus on the security of our Aadhaar data. This becomes pertinent in the wake of the Central Government’s determination to standardise on Aadhaar as the main prerequisite for digital transactions and disbursements of subsidies.

The UIDAI issued the 100th crore Aadhaar card mark in April this year. In a recent article, Newsable had raised concerns about plans to enable Android phone users to conduct digital transactions using their Aadhaar credentials and biometric information.