Imagine being able to hack someone's personal data simply by entering their mobile phone number into a Google search. There is a website of the Andhra Pradesh government that's leaking people's phone numbers, Aadhaar numbers, father's names, passbook and bank account numbers, and the district and mandal where they live - all the link to all this information is the first result you get when you search for the phone numbers of people in the database.
The Andhra government has been leaking the personal data of more than 23,000 farmers who have received subsidies from the Andhra Pradesh Medicinal and Aromatic Plants Board, and organisation that encourages the growth of Ayurvedic medicines in the state. The subsidies are offered to farmers and tribals in the state, and all their personal data is available on an open database on an Andhra Government website.
The information is not behind any access control, and you can see all the records, click on them to get the details of anyone, or download everything as an Excel sheet. But what's perhaps worse is that simply by searching for the phone numbers of many of these farmers, we were able to find the detailed information about them. HuffPost India randomly chose a dozen farmers, and in each case, this database was the first result for their phone number on Google.
That's the most concerning part - in most cases, even when the information has leaked, it isn't readily apparent to people. You have to know the website address, or at the very least spend some time poring through dashboards. In the case of this latest leak, all you need is the person's phone number, and all their information is made visible. HuffPost India has reported this issue to the AP government, much like earlier leaks, although at the time of writing the data is still available online.
Who's held responsible?
This is just the latest in a long line of leaks from AP - in just the last few months, we've reported on a website that let you geo-locate...