Security researchers have discovered multiple vulnerabilities in the UMANG portal, a government platform offering over 2,400 public services from central and state agencies. The flaws may have exposed data of millions of users, including EPFO account numbers, LPG booking details, and Aadhaar numbers stored in plaintext, violating the Aadhaar Act. The issues stem from the portal’s core design and have likely persisted for years. The EPFO service, the most used with over 40 crore transactions recently, was particularly affected. The IT Ministry confirmed the problems and stated that fixes are underway, including encryption of exposed data. Independent experts noted the initial patches were insufficient. The researchers reported the issues to CERT-in, after which the EPFO portal went offline temporarily. The findings underscore ongoing challenges in securing government digital systems.

Credit:
https://www.thehindu.com/sci-tech/technology/umang-portal-flaws-exposed-user-data-across-hundreds-of-services-researchers-find/article71217208.ece
BCN