Aadhaar EPFO services website vulnerabilities exploited by hackers giving them access to employee PF data
Aadhaar related problems refuse to die down it seems. In a shocking revelation, it has been reported that Employees’ Provident Fund Organisation (EPFO) data has been allegedly stolen by hackers who have exploited vulnerabilities in the website aadhaar.epfoservices.com.
The hack was discovered by Twitter users @raydeep and @arvindgunasekar, who tweeted out photos of a letter titled ‘Secret’ which was addressed to Dinesh Tyagi, CEO Common Service Centre (CSC).
The letter, written out by Central Provident Fund Commissioner Dr VP Joy, specified of the data theft from the ‘ICT Infrastructure of Aadhaar Seeding Service for Employees by exploiting the vulnerabilities in the website aadhaar.epfoservices.com’.
The letter explained that the vulnerabilities were classified as ‘Strut Vulnerability’, and ‘Backdoor Shells’. For the time being CSC has been asked to deploy its Techincal Team in order to ‘plug in the identified as well as other vulnerabilities in the aadhaar.epfoservices.com website”.
The Intelligence Bureau has been tasked with securing this confidential data and run a thorough audit and assessment of the system, as per the letter. However, the authenticity of this letter is still to be verified.
As per a report by LatestLY, as many as 2.75 crore Indians have seeded their PF account with their Aadhaar number.