Personal Data of a Billion Indians Sold Online For $8, Report Claims

Michael Safi, reporting for The Guardian: The personal information of more than a billion Indians stored in the world's largest biometric database can be bought online for less than $8, according to an investigation by an Indian newspaper. The reported breach is the latest in a series of alleged leaks from the Aadhaar database, which has been collecting the photographs, thumbprints, retina scans and other identifying details of every Indian citizen. The report in the Chandigarh-based Tribune newspaper claimed that software is also being sold online that can generate fake Aadhaar cards, an identity document that is required to access a growing number of government services including free meals and subsidised grain. The Unique Identification Authority of India (UIDAI), which administers the Aadhaar system, said it appeared the newspaper had accessed only limited details through a search facility that had been made available to government officials.

Re:

[cayenne8]

Well, to be fair......isn't $8 the equivalent of about $2 Billion Rupees?

;)

Re:

[ShanghaiBill]

It is really stupid to design a system that depends on "security through obscurity". A billion person database was unlikely to ever remain secure, since hundreds of thousands of bureaucrats need access to it everyday. So the security of the system should not have been designed on the assumption that any of that information is confidential.

Using biometric information is reasonable if it is done as an additional factor. It is not reasonable to rely on it as the only factor (except perhaps for very small tr

Re:

[vtcodger]

A billion person database was unlikely to ever remain secure, since hundreds of thousands of bureaucrats need access to it everyday.

So, what's the largest data base that can be secured? 100 million entries? 10 million? 1 million? Maybe more like 10 entries? ... 5 entries? ... one?

If you're correct -- and for all I know, you are dead on -- it does not bode well for our shiny new digital universe.

Intel

[110010001000]

Thanks Intel.

Identity of a billion Indians worth only $8

[swb]

I'm trying to understand the price/value issue in play here.

Re:

[Ayano]

This both looks and sounds bad.

Re:

[Anonymous Coward]

Maybe you will glean some insight into why facebook, microsoft, google, et al are so in favor of the H1-B programme

Re:

[Marxist Hacker 42]

But average them out worldwide, they're a LOT poorer. It's only the rich ones who are able to emigrate.

Re:

[vtcodger]

India has been independent for 70 years. From what I've read of Vikas Swarup (Q&A,Six Suspects) and the tales of acquaintances who have worked there , the Indians managed the transition from looting by Europeans to domestically managed looting quickly and seamlessly.

Re:

[gnick]

I think AC was suggesting that being Indian affects your income more than being Hindu. I'd like to think that being Hindu has little to do with it. The numbers AC linked to seem to support that.

Re:

[EvilSS]

Probably supply vs demand. Either there isn't much demand for it, or it's way too easy to get from other sources to be valuable.

Re:

[ShanghaiBill]

I'm trying to understand the price/value issue in play here.

Most likely the database is available from more than one seller, and competitive pressure is pushing the price down to near the marginal cost of providing the goods.

This is indicative of a properly functioning free market.

Re:

[nukenerd]

I'm trying to understand the price/value issue in play here.

You read it right : a billion Indians are worth $8

Re:

[ArchieBunker]

The country is a literal shit hole.

Re:

[NoNonAlphaCharsHere]

Unless, of course, you want to ship (more or less on time) a product that actually works, indeed, does anything at all besides print stack dumps. Meanwhile, you'll still be on the phone at 7:30 P.M. going "No, no, a hydrogen atom is one proton and one electron...".

Re:

[NoNonAlphaCharsHere]

No, I mean you have to explain every fucking thing,usually from first principles.

My offer is $3

[JoeyRox]

And I want a large Cherry Slurpee included as well.

Re:

[Anonymous Coward]

Yes sir you will receive the needful.

A fine example.

[Gravis Zero]

This is a good example of what happens when you fail to invest in strong security. I'm not talking just about getting hacked, I'm also talking about employees walking off with your data and selling it. The ability to access this information should have been heavily scrutinized and limited. I'm guessing India had an amateur hour setup and has no way of tracking how this information was even taken.

Re:A fine example.

[Archangel Michael]

It isn't the security that is the problem, it is that we accept, blindly, that people are who they say they are. Until we assign fraud back to the lenders, credit providers, and the aggregators of such information, and not the individuals who are being spoofed by hacks such as this, we won't actually solve the problem.

But this is done by design and will never change.

Re:

[ShanghaiBill]

Indeed. A system that allows anyone to take out a loan in my name by reciting the last four digits of my SSN is not secure. Nor is a system that allows a thief to use a stolen credit card as long as he knows the 3 digit CVV code that is printed directly on the back of the card.

Re:

[cascadingstylesheet]

I'm guessing India had an amateur hour setup and has no way of tracking how this information was even taken.

Maybe they outsourced it {rimshot}

But 8 $ is worth a lot there...

[140Mandak262Jamuna]

Based on the purchase power parity calculation and using the McDonald Burger index, 8 USD works out to several billion Indian Rupees.

Re:

[nnet]

0.61, and 1.25 downs.

Hello I am from India Tech Support

[zifn4b]

Hello, my name is Sanjay and I am with the India State Tech Support Agency. I have received a notification from your computer that it has encountered a problem that needs to be fixed. If you will please give me your credit card information, I will help you fix your computer. Thank you for your cooperation and I'm sorry for the inconvenience this computer problem has caused you.

Seriously, it's about time the love got spread around to India to see how they like being scammed.

Re:

[war4peace]

It's part of their culture. Believe me, they know very well. Well enough to teach you a few things :)

Re:

[CrashNBrn]

I'm sure you meant Bob.

Re:

[zifn4b]

I'm sure you meant Bob.

I believe you're thinking of Rachel from Card Services

Apu From The Quicky Mart.

[Zorro]

Welcome! Would you like a Mango Slurpee with that data?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[gnick]

...UBI should be a thing because the big data companies are making a killing off your data.

WTF does UBI have to do with "big data company" profits? They're not TOTALLY unrelated because they both involve money, but that's the end of the connection I see.

When your data is only worth $.00000008, how does one expect UBI to be feasible?

Because nobody's suggesting that we fund UBI with personal data sales. Are they?

Yes, I'm sure this is important but...

[JudgeFurious]

The real question we all want an answer to is how many Bothans died to bring us this $8 worth of information

Not a bad rate...

[argStyopa]

...that's about double their net worth anyway.