Indian Oil Corporation-owned Indane, is one of the biggest Liquid Petroleum Gas (LPG) suppliers in India. It caters to more than 90 million customers, but apparently, has a weak website and mobile app security, allowing an ethical hacker to pull several millions of customer details and Aadhaar details, in addition to hundreds of distributers information.
Renowned French white hat hacker Baptiste Robert known as Elliot Anderson on Twitter has revealed that he infiltrated into the Indane's official website and also the mobile app and was able to find several loopholes that enabled him to fish out more than 6.7 million user details including Aadhaar number, home address and phone numbers. Anderson was also able to trace more than 700 distributors of the Indane.
Elliot has been leading the crusade against privacy issue associated with the Unique Identification Authority of India (UIDAI), the agency which gives Aadhaar numbers to citizens, which is the only means to get government subsidies and several other services.
However, this latest revelation we cannot put blame on UIDAI, but Indane's lack of proper security protocol on its website has compromised the personal information of the customers.
Being an ethical hacker, he blocked the customer and dealer details on his Medium blog, but has tried to show the flaws in the Indane website to the concerned officials.
Now, after the news becoming public, Indane has finally pulled up their socks and has shut the company's dealer portal website.
As of now, there is no statement from Indane. Stay tuned.
