It is hard to believe by relying on just one source. I just checked other news sources in India, and no one has any news about any recent Aadhaar breach.
Kindly understand this article seems to come out of investigative journalism where the author seemed to have gotten hold of the patch presumably by paying 2500 and then did in-person research to create the article. Once published, other newsrooms usually do their own pieces if they find it relevant. Since this article has just been published (only 2 hours ago at the time of writing this comment), I wouldn't refute the article just on the basis of this criterion. I would usually wait for 1-2 days before using the above criterion to evaluate the article.
You've actually reworded what I have already said. Since there is no official statement from UIDAI or multiple private news sources reporting the same incident, this article/blog is not worth believing yet.
On the contrary. This was _investigated_ by a reporter(s) from the mentioned source and published. Other news publications need to verify it independently before publishing it themselves.
And on the "official statements" part, it's kind of naive to expect that they (UIDAI) would put out any statement given that in the past they have:
- Not acknowledged security issues or made any efforts to do their own investigation in spite of the numerous reports
- Turned hostile towards entities who have exposed or reported weaknesses instead of rewarding them and plugging the loopholes
Do you think Times group, India Today and others will report this? They don't have the backbone to do that. Maybe you should read the article first, before commenting.
Did you read the article? It's not about an "Aadhaar breach" in the sense of data being stolen. The news is about a software hack that has been doing the rounds among operators that allows them to compromise the Aadhaar database by introducing duplicate or weaker biometric information.
"The patch lets a user bypass critical security features such as biometric authentication of enrolment operators to generate unauthorised Aadhaar numbers.
The patch disables the enrolment software's in-built GPS security feature (used to identify the physical location of every enrolment centre), which means anyone anywhere in the world — say, Beijing, Karachi or Kabul — can use the software to enrol users.
The patch reduces the sensitivity of the enrolment software's iris-recognition system, making it easier to spoof the software with a photograph of a registered operator, rather than requiring the operator to be present in person."