Tuesday, March 2, 2021
Home News Reports Exclusive: Congress puts personal data of thousands of its supporters at risk, massive security...

Exclusive: Congress puts personal data of thousands of its supporters at risk, massive security loophole found on its website

Congress had launched a website to build an army of 5 lakhs volunteers. The website has been found to be leaking the data of all those who wanted to become Congress' social media warrior.

The recently launched drive by the Congress party to induct a whopping 5 lakhs ‘social media warriors’ to support the party has turned out to be an exercised marred with massive security loopholes. The Congress IT cell seems to have slipped even in employing basic IT security systems in place for this initiative.

A special website made by the Congress party to solicit applications and interest for joining this online army has now potentially turned into a publicly available database of Congress supporters with their names, phone numbers, addresses, emails, social media profiles and some other personal details leaked online. The online drive can soon turn into an online scam.

The website was launched with a video message by Congress President Rahul Gandhi on February 8, 2021, asking people to join the drive, by submitting their personal details. Many did so, but little did they know that they could be at risk due to loopholes in the entire process. The security loopholes have continued since then i.e. for at least 5 days since its launch.

The aforementioned website, available at the URL incsmw.in, used an online application form to collect information like names, addresses, phone numbers, email ids, social media profiles, education details, number of hours a person is willing to work daily for the Congress party, and many other such details.

This data collected by the Congress party was supposed to be safe with the party and its IT cell and for their internal use, but now it’s virtually out in open thanks to bad security protocols employed by the party while creating this website.

This loophole was exposed by Twitter user @rsgovin who put out a detailed thread about the website vulnerabilities this morning (February 13, 2021). The user masked the identifiable personal details of people wanting to become Congress’ social media warriors so that they are not misused or the Congress supporters are not harassed.

Following is the screenshot of all applicants who applied to become part of this Congress initiative in Bihar. The identifiable personal details have been masked by @rsgovin and put online to prove how the website of Congress is indeed leaking personal data.

Leaked details of Congress supporters applying to become social media warriors for Rahul Gandhi

Not just Bihar, the data of Congress supporters wanting to become the social media warriors of the party in any state or union territory can be downloaded in Microsoft Excel format by running a few php queries by anyone. A person wanting to extract such data doesn’t even need to have administrative access to the website. This is a major security flaw and has exposed personal details of thousands of Congress supporters.

“In this manner, the personal data of all the users registered on their website is at risk. The data can be downloaded by anyone, by simply tweaking a few queries on their website!” Twitter user @rsgovin revealed in a thread. @rsgovin further checked if the submitted details by some users like their Voter ID are genuine, and he found so.

Basically many Congress supporters trusted the party in good faith to keep their personal details safe, but the party clearly failed to do so.

In fact, @rsgovin demonstrated that he could log into the administrator area too of the website launched by Congress, so much weak are the security protocols employed at the website to build an ‘online army’ for the Congress party and Rahul Gandhi.

While sensitive data like physical address and phone numbers not being kept safe is itself shocking, the website launched by the Congress party has been found to be not employing even the simplest security step like not storing passwords in plain text format. This further puts the registered Congress volunteers at risk because this could mean that their social media accounts could also be hacked if they are using same or similar passwords there.

OpIndia tried to verify the claims of @rsgovin and we found that the security loopholes definitely existed at the time of filing this report and the Congress party had not fixed it yet despite @rsgovin tagging them on Twitter and bringing this vulnerability to their notice.

In these five days, thousands have registered on the website as claimed by the Congress party, and that means thousands of people are now at risk of being targeted either by hackers or marketers who will have access to their personal data. All because they trusted the Congress party to keep their data safe.

  Support Us  

Whether NDTV or 'The Wire', they never have to worry about funds. In name of saving democracy, they get money from various sources. We need your support to fight them. Please contribute whatever you can afford

OpIndia Staffhttps://www.opindia.com
Staff reporter at OpIndia

Related Articles

Trending now

Twitter forces user to delete tweet highlighting Hindu victims of Godhra massacre, days after it refused to block fake news

Users have accused the platform of deliberately censoring posts that highlight the Hindu victims of the Godhra Massacre.

Andhra Pradesh: Evangelists build a huge Christian cross-shaped structure at the holy site of Hindus, alleges BJP

BJP leaders have alleged that the huge Christian Cross symbol was put up illegally in Guntur, Andhra Pradesh where Hindus believed Sita Maa's footprints existed

Special Prosecutor in Delhi Riots case shows court a Newslaundry article that created a false narrative against the investigation

Special Public Prosecutor slammed Newslaundry in court, said they reported false information under his name in Delhi riots reportage

Remember Agra kidnapping case where a girl was shrouded in Burqa? Here is why she planned the abduction herself

On Monday night, the police recovered the girl from a PG in Delhi's Tilak Nagar area. On being asked about the abduction, she claimed to have gone to Delhi to prepare for NEET examination.

Aamir Khan shelves Mahabharat amidst controversies because ‘now is not the right time’: Reports

Aamir Khan has shelved his 'Mahabharat' project amidst controversies because the 'timing' is not right, reports say.

Miami-based art collector sells 10-second video artwork for $6.6 million, brings focus on NFTs and the value of ‘digital assets’

NFT-authenticated 10-second video artwork by Beeple sold for $6.6 million and it made people wonder if NFTs are the next big thing in tech world.

Recently Popular

‘Inserted her hand claiming she was planting a tree’: LGBT activist Divya Dureja accused of sexual assault under pretext of shamanic ritual

A popular LGBT activist Divya Dureja has been accused of sexual assault by Elodie Gendron under pretext of a Shamanic ritual.

Gujarat: Ahmedabad woman Ayesha commits suicide by jumping into Sabarmati River, last video message goes viral

A video has gone viral on social media where Ayesha, a young woman, can be heard announcing her decision to commit suicide.

The Hindu ‘journalist’ Suhasini Haidar puts out misinformation about ISRO satellite launch: Read details

Suhasini Haidar, National Editor of 'The Hindu', put out false information on social media in attempt to mislead the public.

Aamir Khan shelves Mahabharat amidst controversies because ‘now is not the right time’: Reports

Aamir Khan has shelved his 'Mahabharat' project amidst controversies because the 'timing' is not right, reports say.

Sourav Ganguly may attend PM Modi’s Brigade Ground rally in Kolkata on 7th March: Local media

Sourav Ganguly may attend PM Modi's rally at Brigade Ground in Kolkata on March 7, according to reports in local media.

US President Joe Biden casually drops the N-word during Munich Security Conference, accused of racism on social media

The N-word is considered as one of the hateful words that were first uttered in the 17th century. Its origin can be traced back to the Spanish word 'negro', which is often used by white supremacists to deliberately offend the African-American community.
- Advertisement -


Connect with us