The personal information of 3.84 crore users was put at stake by a major security flaw in DigiLocker, the government's cloud-based document storage app and site. The bug was in DigiLocker's sign-in process, and a security researcher reported it last month. It could have been used to bypass two-factor authentication, although the bug has been fixed for now.
What is this bug?
According to security researcher Ashish Gehlot, a one-time password (OTP) and a PIN are required to sign in to DigiLocker, but he bypassed two-factor authentication using the Aadhaar number. Ashish published this information on Medium.
According to Ashish, by taking advantage of this bug, even a person with little knowledge could download your documents from your DigiLocker and change your profile.
After Gehlot reported the issue, the government fixed the PIN bypass a few days ago, while the OTP flaw was rectified on Monday. There is no statement from the company yet about this bug.
According to recent data, DigiLocker currently has 3.84 crore users. Documents such as Aadhaar cards, college certificates, and mark sheets are stored on this platform. It is handled by the National e-Governance Division (NeGD).
Recently, data from the digital payment app BHIM was also leaked. Israel's security firm vpnMentor claimed in its report that the data of about 70 lakh BHIM app users in India had been leaked. The company claims that this data was leaked when it was being uploaded to the BHIM app.