User information of those who signed up to the new website of India's key opposition party, Congress, is at risk of being exposed online, a cyber-tech enthusiast who goes by the Twitter handle @RSGovin revealed on Saturday.
Sharing several screenshots as "evidence", the techie noted that “anyone can download the complete data of all such registered members”.
But, is all that data you feed there, safe & secure? No.
— RS (@rsgovin) February 13, 2021
Anyone can download the complete data of all such registered members. Take a look at a few screens.
Data leak of registered users from Bihar: pic.twitter.com/H8uzYRUK1K
Some data leaks of registered users from WB: pic.twitter.com/FZa9hYOugI
— RS (@rsgovin) February 13, 2021
Speaking to Sputnik, RS Govin said the security loophole in Congress’s mega-campaign website makes it very easy for any hacker to obtain user data such as names, addresses, marital status and social-networking handles among other information.
“In fact, the data can be simply downloaded by anyone with direct links, since the website doesn't check whether the user trying to access is authenticated or not,” Govin explains while refusing to reveal his identity.
Some screens of accessing the "Admin section" of the https://t.co/pQO0gCZZ32 website! pic.twitter.com/k8hpaBGG4W
— RS (@rsgovin) February 13, 2021
The Congress party's IT team seemingly failed to put sufficiently strong security measures in place to safeguard the site, and as a result the data stored on it is at risk of being hacked.
“That data is basically meant for their internal authenticated users. But since the website doesn't check whether the user is authenticated, the data is literally in the public domain. Congress should get in touch with its IT security team and fix these loopholes before it’s too late,” Govin adds.
The cyber researcher’s Twitter thread has gone viral on social media, leaving netizens worried. Though some were inclined to defend the website, supporters of the ruling Bharatiya Janata Party (BJP) took to Twitter to mock the Congress party and Rahul Gandhi, the party's former president and still a prominent member. #CongressDataBreach has been trending on Twitter in India.
That's outrageous!!! Where the hell are data privacy warriors now???
— Par!x!t (@parixit111) February 13, 2021
INC IT cell private details INCLUDING PASSWORD is openly available!
Check this thread by @rsgovin @GoI_MeitY @Cyberdost @adv_chandnishah @SureshNakhua @amitmalviya @OpIndia_com @rahulroushan @TajinderBagga https://t.co/z46TdbRW0p
Congress has kept the information of their social media warriors public for the sake of transparency bcoz that is what Congress stands for.
— SubbuS (@Subbu_06) February 13, 2021
Stupid sanghi bhakts are calling it leak of information. 😂😂
Close enough? #CongressDataBreach pic.twitter.com/alQZ3Cqi1W
— Ankur Singh (@iAnkurSingh) February 13, 2021
Pappu IT cell leaked all the data of their own workers 😂 #CongressDataBreach pic.twitter.com/IBycuhw3vz
— Wali (@netaji_bond) February 13, 2021
Congress has yet to issue a public acknowledgement of the problem.
The website in question was launched to gather 500,000 volunteers around India to join the Congress party.
This is not an army of hatred,
this is not an army of violence,
this is an army of truth,
this is an army that will defend the idea of India.
- Shri @RahulGandhi
Come be a Congress Social Media Warrior. #JoinCongressSocialMedia https://t.co/cmxsDrNNB7 pic.twitter.com/wrlSU2dxxJ
— Congress (@INCIndia) February 8, 2021