Security bug in India’s income tax portal exposed taxpayers’ sensitive data

A significant security vulnerability in India's income tax filing portal, which exposed taxpayers' sensitive information, has been fixed. The issue was uncovered in September by security researchers Akshay CS and Viral, who discovered that anyone logged into the e-Filing portal could access the personal and financial details of other users. The exposed data included names, addresses, email addresses, dates of birth, phone numbers, and bank account information. Even more concerning, the flaw exposed Aadhaar numbers, which are essential for identity verification and for accessing government services. TechCrunch confirmed the vulnerability's existence and withheld its report until it was assured that the flaw had been effectively resolved.

The researchers identified the issue while processing their own tax returns. After logging in with their Permanent Account Number (PAN), they found that altering the PAN in network requests allowed them to view others' sensitive financial data. The flaw lay in the tax department's backend systems, which failed to adequately verify user permissions. Such vulnerabilities, categorized as insecure direct object references (IDOR), pose a serious risk and can lead to widespread data breaches.

In addition to individual data, the vulnerability also affected company information registered on the e-Filing portal. The researchers confirmed that the flaw impacted even those who had not yet filed their tax returns for the current year.

Following their discovery, the researchers notified India's Computer Emergency Response Team (CERT-In) but did not receive a timeline for a fix. On September 30, a CERT-In representative stated that the Income Tax Department was already working on addressing the issue. The exact duration of the vulnerability's existence and whether any unauthorized access to the data has occurred remain unclear.

With over 135 million registered users on the tax portal, the potential impact of this breach could be significant, as more than 76 million individuals filed their tax returns in the 2024-25 financial year.

Sources : TechCrunch

Published On : Oct 07, 2025, 14:40
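The missing permission check described above can be shown as a lookup that only confirms the caller is logged in, next to one that binds the requested PAN to the session, plus a log check for sessions that asked for someone else's PAN. This is an added example, not the portal's code; every function name, session token, PAN and record in it is hypothetical and constructed.

```python
# Constructed sample data: PANs, tokens and fields are made up for illustration.
PROFILES = {
    "AAAPA1111A": {"name": "Taxpayer A", "bank_account": "XXXX1111"},
    "BBBPB2222B": {"name": "Taxpayer B", "bank_account": "XXXX2222"},
}
SESSIONS = {"sess-a": "AAAPA1111A", "sess-b": "BBBPB2222B"}  # token -> PAN set at login


class Forbidden(Exception):
    pass


def get_profile_vulnerable(session_token, requested_pan):
    """IDOR: verifies the login only and trusts the PAN sent in the request."""
    if session_token not in SESSIONS:
        raise Forbidden("not logged in")
    return PROFILES[requested_pan]


def get_profile_hardened(session_token, requested_pan):
    """Object-level check: the requested PAN must be the session's own PAN."""
    owner = SESSIONS.get(session_token)
    if owner is None:
        raise Forbidden("not logged in")
    if requested_pan != owner:
        raise Forbidden("PAN does not belong to this session")
    return PROFILES[owner]


def flag_cross_pan_requests(log_entries):
    """Detection: map each session to the PANs it requested that are not its own."""
    flagged = {}
    for token, requested_pan in log_entries:
        owner = SESSIONS.get(token)
        if owner is not None and requested_pan != owner:
            flagged.setdefault(token, set()).add(requested_pan)
    return flagged


# Constructed request log: (session token, PAN carried in the request).
REQUEST_LOG = [
    ("sess-a", "AAAPA1111A"),
    ("sess-a", "BBBPB2222B"),
    ("sess-b", "BBBPB2222B"),
]
```

The same ownership comparison that blocks the request in the hardened handler also serves as a retrospective check over access logs, which bears on the open question of whether the data was accessed without authorization.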
