Indian Post Office Portal Exposes Thousands of KYC Records – Aadhaar & PAN at Risk!

A major security flaw in the Indian Post Office portal exposed thousands of KYC records, including Aadhaar numbers, PAN details, and personal data. The vulnerability, known as an IDOR attack, allowed unauthorized users to access sensitive data simply by altering numbers in the website’s URL. This incident highlights the urgent need for stronger cybersecurity in government platforms.

  • A security flaw in the Indian Post Office portal exposed personal KYC details, putting thousands of users at risk.
  • Attackers exploited a loophole in the portal’s URL structure, enabling unauthorized access to Aadhaar and PAN data.
  • The vulnerability allowed anyone to retrieve confidential KYC documents by changing document ID numbers in the URL.

  • Ethical hackers reported the flaw, and CERT-In worked with the Indian Post Office to patch the vulnerability.

  • Government portals must implement strict security measures, including stronger authentication, API validation, and regular security audits.

This breach highlights the urgent need for public sector platforms to strengthen cybersecurity defenses. Proper access controls, authentication checks, and continuous security testing are essential to prevent such incidents. As India moves towards digital governance, protecting sensitive user data must be a top priority.

Stay secure with Net Protector Cyber Security!