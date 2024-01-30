A cybersecurity glitch in the Rajasthan government's Jan Aadhaar portal has been rectified after imperiling the personal and sensitive information of millions of residents. Jan Aadhaar, a state initiative, assigns unique identifiers to individuals and families in Rajasthan to ease access to welfare schemes. The security flaws, unearthed by Viktor Markopoulos of CloudDefense.ai in December, permitted unauthorized access to personal documents and information, provided the attacker had the victim's phone number. Moreover, the portal failed to appropriately validate one-time passwords, resulting in sensitive data exposure. The Indian Computer Emergency Response Team (CERT-In) stepped in, and the vulnerabilities were rectified last week.

Jan Aadhaar: A Digital Gateway to Welfare

The Jan Aadhaar portal, boasting over 78 million individual registrants and 20 million families, commenced operations in 2019. It aimed to provide a singular number, card, and identity for accessing state welfare programs. This initiative represented a significant stride towards digital inclusivity and streamlined welfare access. However, the recent security lapse underscores the persistent challenge of ensuring robust data protection in an increasingly digital world.

The Security Breach: An Unwanted Exposure

The security breach on the Jan Aadhaar portal exposed sensitive information of millions of residents, including Aadhaar cards, birth and marriage certificates, and income statements. These vulnerabilities were discovered by security researcher Viktor Markopoulos and were swiftly fixed by CERT-In and the Jan Aadhaar Authority. This incident intensifies recent concerns surrounding Aadhaar, following a massive data breach in October 2023.

'Operation RusticWeb': A Cyber Espionage Campaign

In a separate cyber-related incident, a sophisticated espionage campaign christened 'Operation RusticWeb' was uncovered by researchers. This operation aims at Indian government personnel to pilfer confidential documents using Rust-based malware and encrypted PowerShell commands. Seqrite, the enterprise arm of the global cybersecurity solutions provider Quick Heal, first detected the campaign in October 2023. This revelation underscores the escalating threats in the digital realm and the imperative for comprehensive security measures.