
Major lapse in income tax website: personal data of millions of taxpayers at risk

Recently, a major cyber security flaw came to light in the Income Tax e-filing website of the Government of India, putting the personal data of crores of taxpayers at risk. About 13.5 crore people across the country use this portal to file tax returns. According to reports, a software bug in the website left any person's information, such as Aadhaar number, bank details, mobile number and address, exposed for some time.

This flaw was discovered by two cyber security experts. They found that when a user logged into his account and changed the PAN number, the website did not check whether the data belonged to that same person. That is, if a person entered someone else's PAN number, that user's private information would also be visible to him. No password or OTP was needed; the other person's data was exposed directly.

How did this mistake happen?

In technical terms, this flaw is called an IDOR (Insecure Direct Object Reference) bug. It means that the system fails to check which user has the right to access which data.

The same thing happened in this Income Tax Portal bug: the website was not checking whether the logged-in user was viewing only his own data or someone else's. As a result, anyone's private data could have been exposed with a slight technical change.
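The missing ownership check described above, as an added example that is not code from the portal or from the original article: a constructed lookup handler shown without and with the check. The record store, session store, PAN values and function names are all assumptions made for illustration.

```python
# Constructed sample data; the PANs and details below are made up.
RECORDS = {
    "AAAPA1111A": {"name": "Taxpayer A", "mobile": "90000-00001"},
    "BBBPB2222B": {"name": "Taxpayer B", "mobile": "90000-00002"},
}

# Constructed session store: session token -> PAN that logged in.
SESSIONS = {"session-a": "AAAPA1111A"}


class Forbidden(Exception):
    """Raised when the caller may not read the requested record."""


def get_profile_vulnerable(session_token, requested_pan):
    # Authentication only: a valid session is required, but the PAN sent
    # in the request is trusted as-is. Ownership is never checked.
    if session_token not in SESSIONS:
        raise Forbidden("not logged in")
    return RECORDS[requested_pan]


def get_profile_fixed(session_token, requested_pan, audit_log):
    owner_pan = SESSIONS.get(session_token)
    if owner_pan is None:
        raise Forbidden("not logged in")
    # Authorization: the requested record must belong to the session's user.
    if requested_pan != owner_pan:
        # Record the mismatch so repeated attempts can be detected.
        audit_log.append((owner_pan, requested_pan))
        raise Forbidden("record does not belong to caller")
    # Look up by the server-side identity, not the client-supplied value.
    return RECORDS[owner_pan]
```

The fixed handler derives the record key from the server-side session, so a changed PAN in the request cannot select another taxpayer's data, and each mismatch is logged for monitoring.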

As soon as this flaw came to light, the experts immediately informed the government and CERT-In (Indian Computer Emergency Response Team). After this, necessary steps were taken to secure the system, and the website has now been completely repaired.

How big was the danger?

This mistake could have proved to be a very serious cyber threat. Along with millions of people, data of big companies and businessmen is also available on the Income Tax Portal. If any hacker had got wind of this, he could have used this information for identity theft, fake transactions or bank fraud.
