[iamshs]

This is one of the main reasons that this report doesn’t touch upon read access of the database. Rachna Khaira, one of the reporters already has a police case against her for her previois reporting on Aadhar database compromise. Getting even one user record would have landed all three journalists behind bars. It is left for the reader to conclude, and validated by various experts, that whole database is hacked. If a $5 tool can give you write access to a database, it is obvious whole database can be accessed too.

[denzil_correa]

Btw, 4 months ago the UIDAI had completely denied of existence of such a patch calling it as "totally baseless, false, misleading, and irresponsible" [0].

[0] https://twitter.com/UIDAI/status/991907169779011584

[Aeolun]

I mean, you need a client to access it, and presumably having a patch for such means you have the client too...

[kkarakk]

aadhar card operators get paid 30ruppees an hour. i'm sure you can get access to a client pretty easily

[iamshs]

It’s actually even better. There is no server side authentication on the application. And this keygen type of crack removes the client side authentication too. Full firehose access.