Days after TRAI chairman RS Sharma invited an all-out war on Twitter after he disclosed his Aadhaar number on the microblogging site, the UIDAI on Tuesday advised people to refrain from publicly putting their Aadhaar numbers on internet and social media and posing challenges to others.
Sharma on Saturday challenged everyone to show how mere knowledge of the unique 12-digit number could be used to harm him, triggering a deluge of tweets that claimed to disclose his personal details from PAN to mobile number.
“This advisory has come with reference to some news items appearing on social media reporting few people publicly posting their Aadhaar numbers on internet and social media and posing challenges to others… Such activities are uncalled for and should be refrained as these are not in accordance with the law. Aadhaar is a unique identity which can be authenticated to prove one’s identity for various services, benefits and subsidies,” the UIDAI said on Twitter without taking Sharma’s name.
The agency also said “doing Aadhaar authentication through somebody else’s Aadhaar number or using someone else’s Aadhaar number for any purpose may amount to impersonation and thereby a criminal offence under the Aadhaar Act and Indian Penal Code”. The challenge by Sharma had evoked an immediate response from the Twitterati, with some users, including French security expert operating under the pseudonym Elliot Alderson, (@fs0c131y), claiming to have dug up his mobile number, photographs, residential address, date of birth and even chat threads using the information, while others warned him about the perils of throwing such a dare on the social media platform.
On Sunday, the hackers, including Alderson, Pushpendra Singh, Kanishk Sajnani, Anivar Arvind, and Karan Saini, claimed to have obtained details of Sharm's 14 items, including mobile numbers, residential address, date of birth, PAN details, voter ID number etc. Aravind and a few others sent Re 1 to his Bank of India account via AEPS.
“In our regular media campaigns, we have been consistently making people aware not to display or publish or share their Aadhaar number in public domain. We emphasise that people should not display or publish their Aadhaar number in public,” added the UIDAI.
“Aadhaar number is personally sensitive information like bank account number, passport number, PAN number, etc., which should be strictly shared only on a need basis for a legitimate use for establishing identity and for legitimate transactions… Also, as per the Aadhaar Act, 2016 and IT (Reasonable Security Practices and Procedures and sensitive Personal Data or Information) Rules, 2011 and Justice Srikrishna’s proposed Data Protection Bill, personally sensitive information should not be published or shared publicly,” the said on Twitter.
The UIDAI on Sunday asserted that the personal details of Sharma being put out on Twitter are not from the Aadhaar database or its servers, and that "so called hacked information" is easily available with a simple search on Google and other sites, without using the 12-digit unique identity number.
In a statement, the UIDAI said: "...Any information published on Twitter about the said individual...RS Sharma was not fetched from Aadhaar database or UIDAI's servers.
"In fact, this so–called 'hacked' information (about Sharma's personal details such as his address, date of birth, photo, mobile number, e-mail, etc.) was already available in the public domain as he being a public servant for decades and was easily available on Google and various other sites by a simple search without Aadhaar number."
Rubbishing all claims that personal details of Sharma were dug up using his Aadhaar number, the Unique Identification Authority of India (UIDAI) said it "condemns such malicious attempts by few individuals to malign the world's largest unique identity project - Aadhaar".
