EPFO – Employee Provisional Fund Organization recently shut down its website a day ago, since the aadhar seeding portal was hacked.
The EPFO is for the formal sector workers of India.This organization assists in carrying out compulsory Provision fund schemes (shortly known as PF-which is an insurance scheme for workforce).
Hackers have found certain vulnerabilities in the website aadhar.epfoservices.com. These vulnerabilities come under the category of “Backdoor shell” and “Strut vulnerability“.
Backdoor shell implies that someone got access to it through the back-end, which means they could get administrative privileges and manipulate the systems This data theft incident was already reported days before.
Even though the aadhar.epfoservices.com portal is deployed on the servers with IP address 188.8.131.52 hosted at National Datacenter, New Delhi, for a few days the portal has been remotely managed by the server by Common Service Center (CSC) Team.
On May 1, 2018, Delhi journalist Aravind Gunasekran posted a tweet on twitter regarding this data theft.
This is why the EPFO shut down the aadhar seeding portal where data breaching of user sensitive information was done.
Also, this is not the first time that the Apache Struts vulnerability has been exploited by hackers to gain access to Aadhar data.
In March this year, it was reported that the India Post database containing bank account details of employees and other sensitive customer information was exposed to hackers through the same vulnerability even as the organization insisted that there was no data loss.
Aadhar biometric details are meant to be secure but after all these kinds of incidents, people need to be more vigilant about aadhar information.
This aadhar seeding portal is usually used to link the UAN(Universal Account Number) with the aadhar number.
UAN is an 18 digit number which helps the users to access their provident fund schemes on the portal with ease.
Generally, when an employee changes an organization, his/her mutual fund member ID also changes.
UAN was introduced to link these multiple Member Identification Numbers allotted to a single individual by the employer.
Now, when you switch your job, you just need to provide your UAN to your employer so that the new employer can link the new member Identification number of the organization to your existing Universal Account Number.
UMANG(Unified Mobile app for new age governance) is now used instead of the aadhar portal which is quite efficient and user-friendly.
This app allows the users to access Indian Government service online.
However, this data theft was due to some problem that occurred in CSC(Common Service Center) and not the National data center.
Some of the main officials namely Central Provident Fund Commissioner V P Joy also stated that no serious accidents happened and it can be solved asap.
The web portal was immediately closed after the data theft happened and the officials refused to use the CSC server in the upcoming days.
It is high time Time to be vigilant and alert.