Hyderabad: Security vulnerability of Andhra Pradesh government websites were exposed when a France-based cyber security researcher alerted the AP Board of Intermediate Education that personal information of lakhs of its students was being leaked. The security vulnerability was found on the AP BIE website which allows intermediate students to access exam results using their hall ticket numbers. The Andhra government has, meanwhile, taken down the site.
One of your website leaks the personal data of students including the #Aadhaar numbers, photos, father and mother names. Can you contact me immediately in private to fix the situation?
— Elliot Alderson (@fs0c131y) February 19, 2020
A France-based cyber security researcher, Robert Baptiste, on Thursday tweeted to Andhra Pradesh Chief Minister’s office stating that one of their sites was leaking the personal data of students, including the student’s Aadhaar number, photograph, name of their parents. The Andhra Pradesh government reached out to Mr Baptiste and he disclosed the issue to a team of cyber experts from the government.
Mr Baptiste told NewsMeter, “The personal data of students has been leaked by this official website. Authorities and developers need to take privacy and security of their users seriously. They should at least add authentication to access this information. The personal data of students was easily available. You only needed a valid roll number to get the data. It is easy to guess these student’s roll numbers.”
He further said he has not come across such security glitches on other websites of Andhra Pradesh and Telangana. Around 9.6 lakh students are to write the intermediate board exams in March. The first year intermediate public examination (IPE) will commence from 3 March and the second year from 5 March.