"A Major App Flaw Exposed the Data of Millions of Indian Students"

An app operated by India's Education Ministry contains a security flaw that exposed the personal information of millions of students and teachers for over a year. The Digital Infrastructure for Knowledge Sharing (Diksha) app, which was launched in 2017, stored the data. During the height of the COVID-19 pandemic, when the Indian government was forced to close schools across the country, Diksha became a major tool for students to receive course materials and assignments from home. However, the cloud server storing Diksha's data was left unsecured, leaving the data of millions of individuals exposed to hackers, fraudsters, and anyone else who knew where to look. More than one million teachers' full names, phone numbers, and email addresses were included in files on the insecure server. Another file contained data on around 600,000 students. Although the students' email addresses and phone numbers were partially hidden, the data included their full names, where they went to school, their enrollment dates, and more. This article continues to discuss the mandatory app that exposed the personal information of students and teachers across India.

Wired reports "A Major App Flaw Exposed the Data of Millions of Indian Students"