Massive Aadhaar Number & EID Number Data Leak Found in UIDAI myAadhaar Portal: Researcher Exposes Critical Vulnerability

In a shocking revelation, cybersecurity researcher Deepak Kumar has uncovered a major vulnerability in the myAadhaar portal managed by the Unique Identification Authority of India (UIDAI). The flaw, now fixed, exposed the Aadhaar numbers and Enrolment IDs (EIDs) of millions of Indian citizens, raising serious concerns about the privacy and security of sensitive personal information.
The vulnerability, discovered on the official myAadhaar portal, allowed unauthorized access to Aadhaar-related data without any form of authentication. Deepak Kumar responsibly disclosed the issue to CERT-In (Indian Computer Emergency Response Team), who acted swiftly to patch the flaw and secure the portal.
How the Breach Worked: Step-by-Step Breakdown
Kumar detailed the step-by-step exploitation of the flaw:
• Initial Request Interception:
Upon logging into the myAadhaar portal, Kumar intercepted his own request and noticed that his Enrolment Number was being passed in plain form.
• Status Check Exploit After Logout:
After logging out, he accessed the “Check Enrolment & Update Status” section. By slightly modifying the Enrolment Number (e.g., decrementing the last digit), he was able to retrieve another user’s EID number—without needing any authorization or authentication.
• Understanding the EID Format:
The EID has a fixed format (e.g., 1234567890123420211009133034) consisting of a 14-digit enrolment number followed by a 4-digit year, 2-digit month, 2-digit day, 2-digit hour, 2-digit minute, and 2-digit second. This predictable structure allowed valid EIDs of other users to be crafted and guessed.
• Aadhaar Number Exposure:
Using the newly acquired EID, he proceeded to the “Download Aadhaar” section. After submitting the request and intercepting the response, he received the Aadhaar number of another user.
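The steps above describe a missing object-level authorization check (the status endpoint accepted any EID from any caller) combined with a guessable identifier format. The following added example, which is not UIDAI or myAadhaar code, models that gap in plain Python: a parser for the EID layout the article describes, the vulnerable lookup shape beside a hardened one that ties the EID to the logged-in user and never returns the Aadhaar number, and a log check that flags a client requesting consecutive enrolment numbers. All records, sessions, and log lines are constructed for illustration; the paths and field names are assumptions.

```python
"""Added example (not UIDAI/myAadhaar code). Models the authorization gap
described in the article and a log-based check for EID enumeration.
Every record, session and log line here is constructed for illustration."""
from collections import defaultdict
from datetime import datetime
from typing import Optional


def parse_eid(eid: str):
    """Split a 28-digit EID into (enrolment_number, enrolment_timestamp).

    Layout as the article states it: 14-digit enrolment number followed by
    YYYYMMDDHHMMSS. Returns None for anything that does not fit that shape.
    """
    if len(eid) != 28 or not eid.isdigit():
        return None
    try:
        ts = datetime.strptime(eid[14:], "%Y%m%d%H%M%S")
    except ValueError:
        return None
    return int(eid[:14]), ts


# Constructed records: EID -> (owner user id, Aadhaar number, status).
# The Aadhaar values are placeholders, not real numbers.
RECORDS = {
    "1234567890123420211009133034": ("user-a", "PLACEHOLDER-AADHAAR-A", "GENERATED"),
    "1234567890123320211009133012": ("user-b", "PLACEHOLDER-AADHAAR-B", "GENERATED"),
}


def lookup_vulnerable(eid: str):
    """Shape of the flaw: any caller supplying any EID gets the full record,
    with no session and no ownership check."""
    rec = RECORDS.get(eid)
    if rec is None:
        return None
    return {"eid": eid, "aadhaar": rec[1], "status": rec[2]}


def lookup_hardened(session: Optional[dict], eid: str):
    """Object-level authorization: a valid session is required, the EID must
    belong to that session's user, and only the status is returned."""
    if session is None or "user_id" not in session:
        return {"error": "authentication required"}
    rec = RECORDS.get(eid)
    # Identical reply for "unknown EID" and "someone else's EID", so the
    # endpoint cannot be used to confirm which EIDs exist.
    if rec is None or rec[0] != session["user_id"]:
        return {"error": "not found"}
    return {"status": rec[2]}


# Constructed access-log lines (assumed format): "<client> <method> <path>".
LOG = [
    "10.0.0.5 GET /status?eid=1234567890123420211009133034",
    "10.0.0.5 GET /status?eid=1234567890123320211009133012",
    "10.0.0.5 GET /status?eid=1234567890123220211009133001",
    "10.0.0.9 GET /status?eid=1234567890123420211009133034",
]


def detect_enumeration(lines, threshold: int = 3):
    """Return clients whose requested enrolment numbers include a run of at
    least `threshold` consecutive values, the pattern of stepping the last
    digit up or down that the article describes."""
    seen = defaultdict(set)
    for line in lines:
        client, _method, path = line.split(" ", 2)
        eid = path.split("eid=", 1)[1] if "eid=" in path else ""
        parsed = parse_eid(eid)
        if parsed is not None:
            seen[client].add(parsed[0])
    flagged = []
    for client, numbers in seen.items():
        ordered = sorted(numbers)
        run = best = 1
        for prev, cur in zip(ordered, ordered[1:]):
            run = run + 1 if cur == prev + 1 else 1
            best = max(best, run)
        if best >= threshold:
            flagged.append(client)
    return flagged


if __name__ == "__main__":
    print(parse_eid("1234567890123420211009133034"))
    print(lookup_vulnerable("1234567890123420211009133034"))
    print(lookup_hardened({"user_id": "user-b"}, "1234567890123420211009133034"))
    print(detect_enumeration(LOG))
```

The hardened lookup returns the same "not found" reply for a nonexistent EID and for another user's EID; a distinct "forbidden" response would itself confirm that the guessed EID exists. The detector keys on the 14-digit enrolment prefix rather than the whole EID because the timestamp suffix varies between records while the prefix is what an enumeration attempt steps through.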

This loophole could have been exploited by malicious actors to access the Aadhaar data of Indian citizens, potentially leading to identity theft, financial fraud, and privacy violations.
CERT-In Responds Swiftly
Upon receiving the report from Kumar, CERT-In responded promptly. The vulnerability has now been fixed by UIDAI, and the exposed endpoints have been secured.