
CEO of Koo App Denies the Allegations of Data Breach by French Hacker

 

Koo, a home-grown microblogging platform, has come under scrutiny after a French ethical hacker known by the moniker Elliot Alderson on Twitter uncovered security loopholes in the Koo app. Cybercriminals can exploit the vulnerabilities in the app to retrieve personally identifiable information such as e-mail ID, date of birth, name, marital status, gender, and more.

Several Union ministers, politicians, and film actors are switching to the microblogging platform Koo, but this leak has raised serious concerns about the safety of users' private information. “You asked so I did it. I spent 30 min on this new Koo app. The app is leaking the personal data of users: email, dob, name, marital status, gender…” Alderson tweeted with emended screenshots of the data he was able to access.

Aprameya Radhakrishna, Koo’s co-founder and CEO, responded that the app is fully secure and that the visible data is something users have voluntarily shown on their profiles. Aprameya explained on Twitter that “some news about data leaking being spoken about unnecessarily. Please read this: The data visible is something that the user has voluntarily shown on their profile of Koo. It cannot be termed a data leak. If you visit a user profile you can see it anyway”.

Alderson countered the tweet by sharing a screenshot of an IAS officer on Koo. He claimed he could gain access to the officer's data without it being visible on the profile page, and he tagged Aprameya in his tweet.

Aprameya replied to the tweet – “@fs0c131y (Elliot Alderson) We’re attempting to do something for our country, India. All help is appreciated. If you want to help out in this journey of ours please write to me at ar@kooapp.com and we can take a look at all the feedback you have. Thanks!” 

The popularity of the Koo app is increasing with each passing day, and it has surpassed 3 million downloads on both Google Play and the Apple App Store. The app is seen as an alternative to Twitter, and many prominent personalities have moved to it.

Indian state-owned gas agency leaked 6 million Aadhaar Numbers






A French ethical hacker claims to have found a vulnerability on the website of Indane, the Indian state-owned gas agency, which has exposed nearly 6 million Aadhaar numbers of dealers, customers and distributors.

Elliot Alderson wrote a blog post on 18 February in which he detailed how he was alerted, through a private message, to a vulnerability in a web portal meant for local dealers. The exposed data includes names, Aadhaar numbers and addresses of the customers.

The cyber security researcher looked at Indane's Android app, where he found a “Locate Your Distributor” feature that returns the ids of the dealers for a given “bgadistrict”. Using the dichotomy method, he was able to easily find the ids of all the dealers across 714 “bgadistrict” entries.

"Great, time to code! We have everything we need to get the size of this leak. Thanks to the endpoint found in the Android app, we will obtain all the valid dealer ids and then we will scrape all the “Total records” in the local dealer portal," Alderson wrote.

He wrote and ran a Python script, which returned 11062 valid dealer ids. "After more than 1 day, my script tested 9490 dealers and found that a total of 5,826,116 Indane customers are affected by this leak."

"Unfortunately, Indane probably blocked my IP, so I didn’t test the remaining 1572 dealers. By doing some basic math we can estimate the final number of affected customers around 6,791,200," Alderson further added.


However, Indane has refused to acknowledge the data leak. Meanwhile, Alderson has snapped back at the gas agency with a meme. UIDAI did not respond to the data leak reports.