Aadhaar Safari Game by Elliot Alderson Revealing Data Leak on Government Websites is Helping Indian Authorities and Citizens Alike; Here’s How
Aadhaar Safari Game by Elliot Alderson (Photo Credits: Twitter, @fs0c131y)

French cybersecurity expert Baptiste Robert, who goes by the pseudonym Elliot Alderson on micro-blogging site Twitter, has come to the rescue of many Indians and has indirectly helped the government in several Aadhaar data leak cases. Alderson has pulled up several government websites recently which exposed sensitive Aadhaar data of a number of citizens, which were made public. However, most of these websites promptly fixed the data leak. The cybersecurity expert appreciated the quick turn around time of these government agencies and departments.

On September 20, Alderson took to Twitter and began a game, which he termed as 'Aadhaar Safari'. The game finds Aadhaar card details that can be accessed on public platform. "Two days ago, I started a new game called Aadhaar Safari. The game is simple. Find Aadhaar cards available publicly. You receive bonus point if the cards are stored on a governmental website. Ofc, everyone can play, feel free to send me your findings by DM", he tweeted. Aadhaar Data Breach: Meet Elliot Alderson, The French Android Developer Exposing Data Leaks Right, Left And Centre.

Here Are a Few Examples:

1. The Gujarat government’s real estate regulatory authority website- https://gujrera.gujarat.gov.in had allegedly left one of its download URL unprotected. Due to this, sensitive citizen data of citizens were exposed on Internet. Alderson tweeted, "Can you guess what is happening if I replace XXX by the correct number?" Soon after the tweet, the agencies were quick to fix the issue in 12 hours.

Here's the tweet:

The cybersecurity expert later tweeted saying, "Someone saw this tweet, the problem has been solved. The Indian government should do a general audit of their websites because, unfortunately, I can play this game for a very long time". 

2. Another Indian governmental website was found to be leaking the Aadhaar card details. The website- ipindiaonline.gov.in was found to have leaked sensitive information publicly on their website.

Here's the tweet:

The tweet by Alderson received a prompt response, the website was shut for some time and the issue was fixed in 3 hours. "Did they just shutdown http://ipindiaonline.gov.in after my tweet? You are clever folks: you cannot leak personal data if the website is down", he tweeted. 

3. Another data leak incident was spotted by the cyber-security expert from Haryana. The Haryana government’s real estate regulatory authority allegedly displayed details of a number of citizens on their website. "Hi #haryanarera, The #Indian governmental website http://haryanarera.gov.in is leaking #Aadhaar cards", Alderson tweeted. The issue was fixed in 4 hours, he mentioned in another tweet. 

Here's the tweet:

The aim of the game started by Alderson was to get rid off Aadhaar data from public Internet and raise awareness around the need of protecting such personal documents. Even in the past, the French cybersecurity expert has exposed several such incidences related to data breach of PAN cards, Aadhaar cards, passport size photos, income tax details among other documents.