An IIT-Kharagpur alumnus, who had a job with ANI Technologies, which owns Ola cabs, that paid him ₹40 lakh per annum, gave a six-hour demonstration to Bengaluru police to demonstrate how he had managed to hack into Aadhaar data stored on a government website.
According to The Times of India, 31-year-old Abhinav Srivastava, who comes from Kanpur in Uttar Pradesh, shocked the authorities as he took them through the steps he had followed to break into the e-hospital site owned by the government of India.
"He said the absence of Hypertext Transfer Protocol Secure (HTTPS) from the URL helped him hack into the e-hospital website. HTTPS is the secure version of HTTP (Hypertext Transfer Protocol)," a source told ToI, adding that the entire revelation was recorded on video camera.
In a complaint filed on 26 July, the Unique Identification Development Authority of India (UIDAI) alleged that Srivastava accessed data from the e-hospital portal since 1 January without any authorisation for an app called 'e-KYC Verification', which he had developed and hosted on Google's Play Store. Anyone clicking on the app could get access to the Aadhaar data available on the website. So far, Srivastava is believed to have earned ₹40,000 from revenues generated by advertisements on his app.
The app claims to have been created by an entity called myGov, which is linked to a start-up called Quarth Technologies. Intriguingly, Quarth Technologies, a company previously started by Srivastava with a friend, was acquired by Ola, the taxi-hailing service, in 2016.
In spite of breaching several laws and liable to be charged for serious offences, Srivastava claimed that his intentions were innocent. "I developed the app giving out e-KYC details, thinking it would help the common man access Aadhaar information. I had no other intention," he told the police.
Since its imposition on the citizens by the government, Aadhaar has run into serious instances of breach of confidential data. In April this year, in one of the most staggering such cases, personal details of a million pensioners, including bank information, were leaked in Jharkhand.
Also on HuffPost