So here's the story about a big Fuck up by a TRAI chief in India

He posted an open challenge on twitter:
"Here's my 12 digit Aadhar card (social security no for Indians) number. Show me if you can do any harm to me. "

And Twitter obliged, a French hacker aliased @fs0c131y (Elliot Alderson) took the challenge and he started posting his phone number, email, and other personal stuff on twitter.

Still the official thinks he's safe and no harm has been done to him! He openly says, "Even if you get my bank account no what can you do?"

  • 8
    Sounds like no harm has befallen him yet.

    Of course, not much of a test as no professional criminal hacker is likely to target him to post on Twitter how he did it.

    More a social experiment than a technical demonstration.
  • 4
    Well, in theory no harm has been done.

    As long as he uses a different strong non-personal password on each site he should be safe for the most part.

    The only real treat here is identity fraud
  • 2
    @undef Hey, it's me. It's been four minutes, are you done yet?
  • 3
    @undef 7 minutes.

    We are waiting...
  • 2
    Lol saw that. He fucked himself.

    Aadhar is the shittiest thing we got.
  • 2
    I dunno about this. Sounds like a rather dangerous stunt. I'm not sure that having different passwords on different sites can help you if they can register / request credit online or start making purchases in his name.
  • 1
    @undef linking out of fear has nothing to do with Aadhar security.

    SC is PM's slut.
  • 0
    @undef ???
  • 4
    @undef mentioning about your father being an Indian Railway employee is best argument 😂😂😂😂

    "Jaanta hai mera baap kaun hai?" types.

    Anyway, his details might be public but that doesn't mean your or my details are public.

    This might be attention seeking stunt, but that doesn't mean Aadhar is secure.

    Aadhar is bullshit and so is PM and all his decisions.
  • 0
    @undef ex8what OP is trying to highlight.
  • 1
    I heard he has a pornhub account.
  • 0
    Everyone does.
    I bet auth servers of PH*b are way busy than Google's
  • 2
    Actually this same gimmick was done by one security company (which maintains IRS numbers related stuff)CEO, who put his IRS number in a advertisement, and told its secured.
    After a day or so, there were so many case of his identity theft
    Edit : company name is equifax
  • 0
    I don't know y we need the this number,
    See it's a one more addition to already existing numbers like PAN etc..
    Even after having aadhar I need voting ID etc..
    This baseless number, providing easy way to others to steal our data

    But I have personally worked with aadhar authentication, trust me servers are highly secured, but the APIs that are used are not, these APIs only fetch data, and these are easily exploited.
    Like I used an api, u can take data easily, because I think it was through some file, which was locally present.
    (Iam not a hacker, have very basic knowledge on security) I itself feel, proper professional can do it.
  • 4
    @Nawap really? I also watch porn occasionally but I never go to the extent of creating accounts in porn sites.

    Even if I had to make one on such sites, I'd be using a mail id just for that, not a personal one.
  • 0
    Exactly not personal one,
    Trust there are tons ppl who have paid account!
    And I think the app requires a sign in!
    And what abt the one who uploads, u need a sign in for them atleast
  • 0
    Wow u have explained better to others!
    Exactly tell Elliot to crack CIDR server and get our biometrics.
    Nice article,
    But these AUA's are actually regulated, they are actually made to sign contract, where they tell thier responsible for the breach.
    These hackers exploit these APIs only and tell the hacked Aadhar
Your Job Suck?
Get a Better Job
Add Comment