Wednesday, June 16, 2021
Home News Reports Exclusive: Congress puts personal data of thousands of its supporters at risk, massive security...

Exclusive: Congress puts personal data of thousands of its supporters at risk, massive security loophole found on its website

Congress had launched a website to build an army of 5 lakhs volunteers. The website has been found to be leaking the data of all those who wanted to become Congress' social media warrior.

The recently launched drive by the Congress party to induct a whopping 5 lakhs ‘social media warriors’ to support the party has turned out to be an exercised marred with massive security loopholes. The Congress IT cell seems to have slipped even in employing basic IT security systems in place for this initiative.

A special website made by the Congress party to solicit applications and interest for joining this online army has now potentially turned into a publicly available database of Congress supporters with their names, phone numbers, addresses, emails, social media profiles and some other personal details leaked online. The online drive can soon turn into an online scam.

The website was launched with a video message by Congress President Rahul Gandhi on February 8, 2021, asking people to join the drive, by submitting their personal details. Many did so, but little did they know that they could be at risk due to loopholes in the entire process. The security loopholes have continued since then i.e. for at least 5 days since its launch.

The aforementioned website, available at the URL incsmw.in, used an online application form to collect information like names, addresses, phone numbers, email ids, social media profiles, education details, number of hours a person is willing to work daily for the Congress party, and many other such details.

This data collected by the Congress party was supposed to be safe with the party and its IT cell and for their internal use, but now it’s virtually out in open thanks to bad security protocols employed by the party while creating this website.

This loophole was exposed by Twitter user @rsgovin who put out a detailed thread about the website vulnerabilities this morning (February 13, 2021). The user masked the identifiable personal details of people wanting to become Congress’ social media warriors so that they are not misused or the Congress supporters are not harassed.

Following is the screenshot of all applicants who applied to become part of this Congress initiative in Bihar. The identifiable personal details have been masked by @rsgovin and put online to prove how the website of Congress is indeed leaking personal data.

Leaked details of Congress supporters applying to become social media warriors for Rahul Gandhi

Not just Bihar, the data of Congress supporters wanting to become the social media warriors of the party in any state or union territory can be downloaded in Microsoft Excel format by running a few php queries by anyone. A person wanting to extract such data doesn’t even need to have administrative access to the website. This is a major security flaw and has exposed personal details of thousands of Congress supporters.

“In this manner, the personal data of all the users registered on their website is at risk. The data can be downloaded by anyone, by simply tweaking a few queries on their website!” Twitter user @rsgovin revealed in a thread. @rsgovin further checked if the submitted details by some users like their Voter ID are genuine, and he found so.

Basically many Congress supporters trusted the party in good faith to keep their personal details safe, but the party clearly failed to do so.

In fact, @rsgovin demonstrated that he could log into the administrator area too of the website launched by Congress, so much weak are the security protocols employed at the website to build an ‘online army’ for the Congress party and Rahul Gandhi.

While sensitive data like physical address and phone numbers not being kept safe is itself shocking, the website launched by the Congress party has been found to be not employing even the simplest security step like not storing passwords in plain text format. This further puts the registered Congress volunteers at risk because this could mean that their social media accounts could also be hacked if they are using same or similar passwords there.

OpIndia tried to verify the claims of @rsgovin and we found that the security loopholes definitely existed at the time of filing this report and the Congress party had not fixed it yet despite @rsgovin tagging them on Twitter and bringing this vulnerability to their notice.

In these five days, thousands have registered on the website as claimed by the Congress party, and that means thousands of people are now at risk of being targeted either by hackers or marketers who will have access to their personal data. All because they trusted the Congress party to keep their data safe.

  Support Us  

Whether NDTV or 'The Wire', they never have to worry about funds. In name of saving democracy, they get money from various sources. We need your support to fight them. Please contribute whatever you can afford

OpIndia Staffhttps://www.opindia.com
Staff reporter at OpIndia

Related Articles

Trending now

Serum Institute of India all set to manufacture Novavax’s COVID-19 vaccine Covovax, trial data demonstrates 90.4 overall efficacy

Adar Poonawalla, the CEO of SII, plans to launch Novavax's Covovax in India by September contingent upon the regulatory approvals

Kerala-based Maktoob Media gives a bizarre spin to Ghaziabad story, claims Aadil accused of beating the Muslim man was actually ‘rescuing’ him

Kerala based Maktoob Media peddles another fake news on Loni incident, claims accused Adil was rescuing Abdul Samad Saifi

Congress leader spreads vaccine hesitancy again, this time claims newborn calves are slaughtered for their serum. Here is the truth

Covaxin does not contain newborn calf serum. It was used for development of cells to replicate Covid-19 virus in lab to produce vaccine.

Virtual hearing embarrassment: Congress leader Abhishek Manu Singhvi caught attending the court proceedings without pants

Abhishek Manu Singhvi was caught attending court proceedings in boxer shorts when one of the screens accidentally fell off and showed the naked legs of the senior advocate

The Quint withdraws its cartoon defaming ‘Jai Shri Ram’ chant after Ghaziabad ‘hate crime’ turns out to be fake

TheQuint in an attempt to further its Hinduphobic propaganda published a cartoon featuring two completely unrelated incidents and parroted Zubair's baseless claims.

What happened in UP was illustrative of Twitter’s arbitrariness in fighting fake news: RS Prasad hits out on Twitter after it loses its safety...

While talking about the safe harbour provision of Twitter, Ravi Shankar Prasad said it has failed to comply with the Intermediary Guidelines

Recently Popular

Salman Khan’s ‘Radhe – Your Most Wanted Bhai’ earns Rs 17,792 over three days from two theatres in Maharashtra: Details

Citing low occupancy, the theatres screening Salman Khan starrer Radhe: Your Most Wanted Bhai have reduced number of its daily shows

As Yogi Sarkar lodges FIR against Twitter, 8 others, Alt News co-founder Zubair deletes fake hate crime video: Details

The UP Govt has initiated action against Twitter for failing to take down tweets that spread misinformation about a crime in the state.

Here is the truth about the land deal by Ram Janmabhoomi Teerth Kshetra and how the allegations by likes of AAP are baseless

Shri Ram Janmabhoomi Teerth Kshetra and its head Champat Rai bought an additional piece of land for the purposes of additional construction to facilitate pilgrims who would be travelling to Ayodhya

Nikhil Kamath disregarded Viswanathan Anand’s request to not use his name in public communication after cheating, says grandmaster’s wife

Zerodha co-founder Nikhil Kamath recently apologised for using unfair means to defeat Chess grandmaster Vishwanathan Anand

How Alt News cofounder Mohammed Zubair communalised a petty quarrel and tried to defame ‘Jai Shri Ram’

It must be pointed out that the video of the assault does not contain any audio, which can verify the claim that Saifi was coerced into chanting 'Jai Shri Ram' or 'Ram Ram'

British Pakistani rapper Frenzo Harami spews venom on Hindus. Here is what we know about him

Pakistan-born British rapper, who used to sell drugs before becoming a rapper, spoke the language of terrorists, used Gaumutra jibe
- Advertisement -

 

Connect with us

255,564FansLike
553,642FollowersFollow
24,400SubscribersSubscribe