Nutrition website

PM-Kisan Website Security Vulnerability Risked 11 Million Farmer Aadhaar IDs

Just months before the February 2019 general elections, the government led by Prime Minister Narendra Modi launched the flagship Pradhan Mantri Kisan Samman Nidhi Yojana (aka PM Kisan programme) program to provide monetary benefits to farmers across the country.

Since the launch, more than 11 crores (110 million) citizens have registered with an Aadhaar ID number on the PM Kisan website.

Now it has emerged that the website had a security breach and may have compromised the farmers’ Aadhaar social security number.

Due to a lack of proper authorization protocol on the PM-Kisan website, a terminal connected to the user database was left vulnerable to attacks by malicious actors. Even those familiar with coding could have written a program to retrieve all the Aadhaar ciphers, independent cybersecurity expert Atul Nair said on his blog.

The PM-Kisan website has a dashboard that offers easy-to-understand information such as the number of farmers enrolled in the program and a breakdown of details including villages, districts and states.

PM-Kisan website (screenshot)

All eligible farmers receive Rs 6,000 in three installments (Rs 2,000 once every four months) per year.

“My father is a farmer and he is benefiting from PM Kisan Yojana. So while using the website, I saw the functionality of the dashboard. As a security researcher, I thought to check the functionality for the security issues. There is no monetary benefit to this. I just wanted to secure it, and CERT-In did a great job responding and resolving the issue,” Kannur-based Atul Nair told DH on how he discovered the security flaw on PM-Kisan’s website.

Nair earlier this year on January 29 promptly reported the security issue with CERT-In (Indian Computer Emergency Response Team). The latter replied with an acknowledgment of receipt on January 31.

The following month, CERT-In advised that the aforementioned issue had been escalated to the relevant department and was finally resolved in May.

So far, there are no leaked reports of farmers Aadhaar card details.

Get the latest news on new launches, gadget reviews, apps, cybersecurity and more on personal tech only on DH Tech.