The personal information of 3.84 crore users is at stake due to a major security flaw in the cloud-based government document saver app and site DigiLocker. DigiLocker had this bug sign in process about which a security researcher had reported last month. Due to this bug, two factor authentication could be bypassed, currently this bug has been fixed for now. According to security researcher Ashish Gehlot, one time password (OTP) and a PIN are required to sign in DigiLocker, but it bypassed two factor authentication through Aadhaar number.
This special message will be shown on the stolen iPhone
Ashish has given information about this on the medium website. According to Ashish, taking advantage of this bug, a person with little information could also download your document from your DigiLocker and change your profile. Even after Gehlot told that the pin bypass has been fixed by the government a few days ago, but the OTP flaw was rectified on Monday, although there is no statement from Digilocker about this bug yet. As per the latest data, 3.84 crore are currently using DigiLocker.
More data will be available on Airtel's best long term recharge plan
Documents like Aadhaar Card, College Certificate and Mark Seat are available on this platform. DigiLocker is handled by the National e-Governance Division (NeGD). Recently, the data in the digital payment app Bhim App was leaked. Israel's security firm vpnMentor claimed in its report that the data of about 70 lakh Bhim app users in India has been leaked. The company claims that this data was leaked when it was being uploaded to the Bhim app.