Chennai Corporation Website Leaks All Birth Certificates Since 1910

Share on Facebook Tweet Snapchat Share Reddit Comment
Chennai Corporation Website Leaks All Birth Certificates Since 1910

The website managed by the Corporation of Chennai has inadvertently leaked the private details of citizens born in Chennai since 1910, by not putting in any verification checks whatsoever.

Anyone on the Internet can enter any random date and gender to download birth certificates of Chennai citizens born since 1910 as pdf files. The breach was pointed a few hours go in a tweetstorm by Twitter user ST_Hill.

chennai_leaks_body.jpg

As mentioned by him, we were able to download birth certificates as pdf files without entering any security checks, other than a number verification code.

It's quite likely that once the entire internet discovers this data breach, phishers and hackers could easily steal the identities of citizens on from the portal through crucial details like date of birth, address, mother's name, which form a part of security checks in online commerce and banks.

Senthil also points out a simple hack that enables users to skirt the number verification sequence - simply by editing the date in the URL. This gives identity thieves an even easier backdoor for mass identity theft. In the same Twitter thread, Karthik Balakrishnan reveals that the URLs are sequential, making it even easier for a hacker to design a script and scrape all the personal data from the certificates.

Such data breaches do bring into question whether government bodies have fully understood the importance of keeping citizen data private and secure in their rush to digitise India. Earlier this year, Trai had released emails with names of everyone who had submitted responses to its consultation paper on net neutrality.

Gadgets 360 has emailed the Chennai Corporation heads informing them about this breach, and has requested a comment asking for an update on activity logs and latest visitors statistics on its website.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Microsoft Takes Strong Stand Against Adware on Windows
Samsung Galaxy A9 Passes Certification Site, Tipping Design and Specifications
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com