Digital ID in India has suffered catastrophic security failures, with 815 million records leaked and sold on the Dark Web for $80,000. The Aadhaar data breach exposed sensitive citizen information including names, addresses, phone numbers, and biometric data through an ICMR database hack that exploited unpatched vulnerabilities in India’s centralized identification system.
Digital ID India Breached: Aadhaar Leak, Dark Web Sale, ICMR Hack
How India’s Digital ID Security Failed
The Aadhaar data breach occurred due to exploitable software patches available for just $35, which allowed hackers to bypass biometric authentication and GPS tracking. These patches disabled iris scans and fingerprints for enrollment operators, meaning Aadhaar numbers could be generated from anywhere without verification. Government websites also provided unrestricted API access, allowing anyone with basic details to access Aadhaar information in violation of the Aadhaar Act.
The 815 million records leaked included comprehensive personal data: names, addresses, phone numbers, passport numbers, ages, genders, and district information. The ICMR database hack exposed health records, vaccination history, and COVID-19 testing data collected from citizens. This Dark Web sale represents one of the largest breaches in Digital ID India’s history.
Also Read: Shiba Inu’s Shibarium Bridge Hacked for $2.4 Million by Scamster
The Dark Web Sale and Ongoing Threats
By 2024, the 815 million records leaked were being tracked on dark-web forums alongside other sensitive documents. The Dark Web sale pricing at $80,000 means each record costs less than a penny—making real Indian citizen data easily accessible to criminals for identity theft, financial fraud, and phishing attacks.
The ICMR database hack was just one incident in a series of hacks. In 2018, a reporter bought free access to every Aadhaar record for ₹500 via WhatsApp. That same year, 210 government websites published Aadhaar numbers in plain text, and a state utility leaked 1.6 million records due to a folder without protection.
Also Read: Iran’s Sepah Hack Is a Wake-Up Call—Bitcoin Cannot Be Erased
The Aadhaar data breach highlighted fundamental flaws in centralized biometric systems. Hackers breached India’s digital ID system and stole biometric data, exposing millions of Indians to permanent fraud and identity theft. The Dark Web sale and Digital ID India’s security failures have made that vulnerability irreversible.