A simple IDOR in India’s income‑tax portal let any logged‑in user view other taxpayers’ records by swapping PAN numbers, exposing names, addresses, bank details, and Aadhaar IDs. When a single national identifier is linked across services, one portal bug becomes a gateway to large‑scale identity theft and fraud. This turns routine web mistakes into systemic failures.
— It warns that centralized ID schemes create single points of failure and need stronger authorization design, red‑team audits, and legal accountability.
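The flaw described above, as an added Python illustration (not the portal's code; the function names, session fields and sample records are constructed assumptions): a handler that only checks for a login beside one that binds the lookup to the session's own PAN and logs denials for detection.

```python
# Added illustration of object-level authorization; all names and data are constructed.
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    user_id: str
    pan: str  # identifier bound to the account server-side at login


class Forbidden(Exception):
    pass


# Constructed sample records keyed by a placeholder identifier.
RECORDS = {
    "AAAAA0000A": {"name": "Sample One", "bank": "XXXX1111"},
    "BBBBB1111B": {"name": "Sample Two", "bank": "XXXX2222"},
}


def get_record_vulnerable(session, requested_pan):
    # Authentication only: any logged-in user reaches any record.
    if session is None:
        raise Forbidden("login required")
    return RECORDS[requested_pan]


def get_record_hardened(session, requested_pan, audit_log):
    if session is None:
        raise Forbidden("login required")
    # Authorization: the client-supplied key must match the session's identity.
    allowed = requested_pan == session.pan
    audit_log.append((session.user_id, requested_pan, allowed))
    if not allowed:
        # Deny before any lookup, so the response does not reveal
        # whether the requested identifier exists.
        raise Forbidden("not authorized")
    return RECORDS[requested_pan]


def denied_by_user(audit_log):
    # Detection aid: count denied cross-account requests per user.
    return dict(Counter(uid for uid, _, ok in audit_log if not ok))
```
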
msmash
2025.12.01
70% relevant
Preinstalling a government app that likely integrates IMEI/device identifiers and telecom data increases centralized attack surface and single‑point‑of‑failure risk much like the Aadhaar/ID aggregation example: a bug or breach in the app or its backend could expose nationwide device/identity data.
BeauHD
2025.10.08
100% relevant
TechCrunch’s report that India’s e‑Filing portal exposed Aadhaar numbers and bank accounts via an IDOR vulnerability.