Days after the Congress party was found leaking data of people applying to work in its social media cell, the party has decided to go after those who had pointed out the flaws in its website. The party has also claimed that there have been “illegal attempts” to access its data, and threatened stern legal action against the “culprits”.
This was stated in a tweet by Saral Patel, the national convenor of the Social Media Department of the Congress party. He said that they have “identified the people involved, & legal actions will be initiated shortly”.
The success of #JoinCongressSocialMedia has rattled BJP & their troll armies to the core.
These illegal attempts to access our data will be met with stern legal actions against the culprits. We have identified the people involved, & legal actions will be initiated shortly.
— Saral Patel Andolanjivi (@SaralPatel) February 13, 2021
Patel also claimed the success of the Join Congress Social Media campaign has rattled BJP and ‘their troll armies to the core’, accusing the person who had exposed the issue with their website of being a BJP troll.
Gaurav Pandhi, the National Coordinator of the Digital Communications & Social Media cell of the Congress party, also made similar claims. He said that attempts have been made to illegally access the Congress party’s Social Media Campaign data, adding that it was old data limited to two states. He claimed that they have traced and identified the people behind the “hack”, and that they are filing a legal complaint against them.
The incident relates to the data of people who had applied to work for the party, which was found to be kept unprotected on a website created specifically for the ambitious project of recruiting 5 lakh social media warriors. One social media user who goes by the ID @rsgovin had exposed a serious vulnerability in the website, which allowed anyone to access the data of people who had filled in the online form on the site to become a social media warrior. He had posted several screenshots showing how the Congress IT cell failed to deploy any security measures on the site, which left the data of applicants publicly accessible.
He had shown how all the details entered by applicants on the website, including their social media IDs, email IDs, addresses, mobile numbers, passwords, voter ID details and all other details, could be easily accessed without even requiring administrative access to the site. It was also revealed that the passwords are stored in plain text. This means that if these details are obtained by anti-social elements, the social media and email accounts of some of the applicants can also be at risk, considering that many people use the same password on multiple platforms.
Not just applicants: the website also kept the details of the office bearers of the social media cell, including those taking interviews of new applicants, in an unsafe manner, and @rsgovin was able to access their sensitive personal details as well.
However, after being caught keeping the personal and sensitive data of the applicants in an insecure manner, the Congress party has now decided to go after the messenger instead of fixing the problem. While the Congress social media national convenor claimed there were illegal attempts to access their data, the fact is that the data was kept unsafe on their website, and no hacking was needed to access it.
The exposer @rsgovin just used some custom queries to download all the data. It did not require any backdoor entry, any hacking, or the use of any malware to gain access to the website. In other words, the Congress party had kept the door unbolted, and when @rsgovin pointed that out, the party falsely accused him of breaking into the house.
It is also notable that while exposing the issue, @rsgovin masked the sensitive information of people in the screenshots, and asked the Congress party to fix the website. With this, he acted in a very responsible manner. He acted as an ethical hacker who tests software programs to detect vulnerabilities. Major zero-day vulnerabilities are detected by such ethical hackers, and IT companies actually pay such people to find loopholes in their software in order to make it secure. But instead of thanking @rsgovin for helping them make their platform more secure, the Congress party is threatening legal action against him, labelling him a BJP troll.