"The Indian government's tax authority has fixed a security flaw in its income tax filing portal that was exposing sensitive taxpayers' data, TechCrunch has exclusively learned and confirmed with authorities. The flaw, discovered in September by a pair of security researchers Akshay CS and "Viral," allowed anyone who was logged into the income tax department's e-Filing portal to access up-to-date personal and financial data of other people."
"TechCrunch verified the data to the best of its ability by granting permission to the researchers to look up this reporter's records on the portal. The security researchers confirmed to TechCrunch on October 2 that the vulnerability was fixed. Given the risk to the public, TechCrunch withheld publishing this story until the security researchers confirmed that the vulnerability can no longer be exploited."
A security flaw in the income tax e-Filing portal allowed any logged-in user to access up-to-date personal and financial data of other taxpayers. The vulnerability was discovered in September by security researchers Akshay CS and "Viral". Exposed data included full names, home and email addresses, dates of birth, phone numbers, bank account details, and Aadhaar numbers. Researchers verified the exposure by looking up a reporter's records with permission. The vulnerability was confirmed fixed on October 2. Publication was withheld until the vulnerability could no longer be exploited. The Income Tax Department acknowledged contact but did not answer questions or object to publication.
Read at TechCrunch
Unable to calculate read time
Collection
[
|
...
]