World

Indian Netizens Outraged by New Congress Party Website's User Data Leak Risk

On 8 February, former Congress president Rahul Gandhi launched a new website asking people to 'join Congress Social Media', in the hopes of recruiting volunteers to work for the party. As part of the process, concerned candidates have been asked to fill in such personal information as name, email address and phone numbers.
Sputnik

User information of those who signed up to the new website of India's key opposition party, Congress, is at risk of being exposed online, a cyber-tech enthusiast who goes by the Twitter handle @RSGovin revealed on Saturday.

Sharing several screenshots as "evidence", the techie noted that, “anyone can download the complete data of all such registered members”.

​Speaking to Sputnik, RS Govin said the security loophole in Congress’s mega-campaign website makes it very easy for any hacker to obtain user data such as names, addresses, marital status and social-networking handles among other information.

“In fact, the data can be simply downloaded by anyone with direct links, since the website doesn't check whether the user trying to access is authenticated or not," Govin explains while refusing to reveal his identity.

​The IT team of the Congress party seemingly failed to install a sufficiently strong security protocol to safeguard the page and because of that data now saved on it is at the risk of being hacked.

“That data is basically meant for their internal authenticated users. But since the website doesn't check whether the user is authenticated, the data is literally in the public domain. Congress should get in touch with its IT security team and fix these loopholes before it’s too late,” Govin adds.

The cyber researcher’s Twitter thread has gone viral on social media, leaving netizens worried. Though some were inclined to defend the website, supporters of the ruling Bharatiya Janata Party (BJP) took to Twitter to mock the Congress party and Rahul Gandhi, the party's former president and still a prominent member. #CongressDataBreach has been trending on Twitter in India.

​Congress has yet to issue a public acknowledgement of the problem.

The website in question was launched to gather 500,000 volunteers around India to join the Congress party.

Discuss