Aadhaar security has been brought into question many times, but the government hasn't paid heed to those criticisms. From a software patch capable of disabling critical security features of Aadhaar software to former CIA official and whistle-blower Edward Snowden warning against the misuse of Aadhaar information, privacy advocates have strongly criticized Aadhaar being the golden standard for citizen identification in India.
Another threat against the Aadhaar data was reported by Rainbowtabl.es, but does not challenge the UIDAI's capability in securing the information. The India CERT team was notified of a potential vulnerability concerning Aadhaar and Pan card details, that were stored in Amazon's S3 cloud storage buckets for hackers to exploit.
The report highlighted that nearly 3,000 images and PDFs of PAN and Aadhaar cards of Indian citizens were stored without proper encryption. The Amazon S3 bucket data also included "pay in slips" from ICIC Bank stored in PDF format and headshots of people, which are mainly used for an ID.
The unsecured open bucket on Amazon's cloud platform was discovered on December 1, and an email notifying India's CERT team was sent the next day. After nearly 3 weeks, the CERT team confirmed that the S3 bucket is secured and so is the data in it.
It remained unclear as to who uploaded the content to Amazon S3, but it looked like some sort of scanner was set to upload or backup files to the S3 bucket. Amazon S3 bucket is a public cloud storage resource available in Amazon Web Services (AWS). Short for Simple Storage Service, S3 bucket is a data storage offering by the e-commerce giant, allowing users to store folders, consisting of data and descriptive metadata.
Aadhaar is a unique 12-digit number and acts as the address proof for all Indian citizens. It also acts an identity proof, wherein people, especially the economically weaker section, can avail government's social welfare schemes, be it opening bank accounts (Jan Dhan Yojana) or direct subsidy transfer to their accounts.