Hyderabad: Hacked panchayat raj site fixed
Hyderabad: Registration documents of land from the Panchayat Raj Informatics system (PRIS) website of Andhra Pradesh government were available online till Wednesday for all. A security researcher, who goes by the name Robert Baptiste on social media, brought out this lapse, forcing the government to fix it.
“The government website was leaking 4,769 files. In the open directory, one can find biometric data, Aadhaar card scans and more (sic),” he said.
On how he was able to access the files, the reply was, “This is not a hack at all. The data is available to everyone with a single Google search query.” By navigating to http://pris.ap.gov.in/bpl/uploads/, a user could access land registration documents of thousands of users.
Under the name Elliot Alderson and twitter handle @fs0c131y, he not only posted images but also added, “You have to admit that there is an issue here if even a government website is not able to handle personal data of citizens correctly (sic).”
Hours after the flaw was detected, the particular web-page was replaced with a blank one. However, Deccan Chronicle could access some of the documents and figured that these related to land registration.
Later, in the day, the core issue was addressed and public access to the directory was revoked. An attempt to access the files gave a ‘forbidden’ and ‘permission denied error’.