An IIT graduate has been arrested for illegally accessing the Aadhaar database: Report
Abhinav Shrivastava, an IIT graduate who is currently working at Ola, has been arrested by the Bengaluru police for illegally accessing the Aadhaar database
Abhinav Shrivastava, an IIT graduate who is currently working at Ola, has been arrested by the Bengaluru police for illegally accessing the Aadhaar database.
A complaint filed by the UIDAI on 26 July alleges that Shrivastava accessed the database “without authorisation between 1 January and 26 July”, reports The Indian Express.
Shrivastava and a batch mate had founded a startup called Qarth Technologies in 2016 and had developed an app called ‘Aadhaar eKYC’ that would allow users to verify Aadhaar numbers. This startup was later acquired by Ola. The app was available on the Google Play Store and had at least 50,000 users. The app has since been pulled down.
The police cybercrime unit claims that Shrivastava hacked into servers related to the e-Hospital system created under the Digital India initiative. The app would then illegally route verification requests to the Aadhaar database through these servers.
The e-Hospital app is authorised to access Aadhaar data and is a health information management system that handles patient records and provides other related services.
The Hindu reports that the e-Hospital company was unaware of Shrivastava’s activities. The breach was discovered when the UIDAI was conducting an audit of its authentication systems.
Before being acquired by Ola, Qarth technologies developed a total of five mobile apps. These are currently being inspected for violations as well. Ola acquired Qarth to make use of an e-wallet service called X-Pay. The police are now trying to determine if Shrivastava’s illegal app was used “in any form by Ola”, adds the report in The Hindu.
Subscribe to Moneycontrol Pro at ₹499 for the first year. Use code PRO499. Limited period offer. *T&C apply
According to the link to a story tweeted out by Wikileaks, tools developed by Cross Match Technologies are being used by CIA to access the Aadhaar database.
Despite reports to the contrary, UIDAI insists that the Aadhaar leak is a case of misuse and not an actual breach
But the newspaper stood by its story, saying the UIDAI claiming no breach of Aadhaar data "flies in the face of that".
The petitioners argued that there can be a voluntary ID card system without authentication data that would not be used to collect data.