New Delhi: A security weakness has been flagged in the Centre’s UMANG website and mobile app, raising concerns that personal data such as Aadhaar numbers and Provident Fund (PF) account details of crores of users could be exposed.
Cybersecurity researchers Akshay and Viral Vakela said they found multiple vulnerabilities across services offered through UMANG, which aggregates more than 2,400 government services. They alleged that Aadhaar numbers were stored and displayed in a manner that was not adequately protected.
The researchers warned that the flaws could be exploited by cybercriminals to alter users’ PF account information and illegally siphon funds. They also claimed that LPG cylinder booking details were stored without sufficient safeguards.
They said the issues were reported to the Ministry of Electronics and Information Technology and the Indian Computer Emergency Response Team (CERT-In). Following this, the PF system temporarily halted its online service and undertook “data migration” work.
In a statement, the IT Ministry said the vulnerabilities were reviewed and corrective and preventive measures were being implemented, adding that the relevant data has now been encrypted. The researchers, however, maintained that the encryption method used did not provide adequate protection and could be broken, after which the government said it has set up a “war room” to use advanced AI tools to identify security gaps across key government websites.





