Millions of Records Exposed via SQL Injection in a Tamil Nadu Government Portal
Summary
A researcher has discovered a critical SQL injection vulnerability on a Tamil Nadu government web portal, which has potentially exposed millions of records including Aadhaar numbers, user credentials and student data.
The vulnerability allowed unauthorised access to personally identifiable information and could have been used for account takeovers.
Account takeovers are made easier when user IDs and passwords are compromised, as was the case here.
Beyond exposing individual user data, the flaw also provided complete back-end access to modify or dump any table, creating significant regulatory risks.
This case shows the damage that a single unchecked SQL injection vulnerability can cause and highlights the need for secure, privacy-focused systems.