This Security Flaw In Income Tax Website Could Have Exposed Sensitive Data Of Tax Payers: All You Need To Know

A security flaw of very high severity has been tackled by the Indian government that was related to the tax e-filing portal. As for its impact, the flaw could have exposed all the sensitive information

of the taxpayers like financial details, government IDs, and more, to the hackers. It was identified after two researchers, Viral and Akshay CS, discovered the vulnerability while filing their tax returns in the month of September. They figured out that it was possible for anyone logged into the income tax portal to view the data of others. The compromised information included phone numbers, names, dates of birth, email IDs, bank details, home addresses, and Aadhaar numbers. This amount of information related to a group of individuals could have caused a lot of chaos if it had been leaked online.

What Actually Happened?

The researchers said to TechCrunch, 'This is an extremely low-hanging thing, but one that has a very severe consequence.' The security flaw dubbed IDOR, or insecure direct object reference, was triggered because the system was not checking whether the logged-in user was authorized to access the data or not. To make you understand in simple terms, anyone with your PAN number will have access to your private details on the platform. It was also confirmed that the bug is affecting both the involved researchers and other companies registered on the tax portal. What's more disturbing is that it also provided access to the data of users who have not filed their return for the current financial year.The researchers, after finding the issue, reported the same to the Indian Computer Emergency Response Team OR CERT-In. By early October, it was clarified by the government officials that the bug has been fixed. Though the Income Tax Department did not issue a detailed public comment on the same, but acknowledged that they have received emails highlighting the security flaw. This flaw could have affected millions of taxpayers. As of now, the income tax portal of India has around 135 million registered users, and around 76 million individuals have already filed returns for 2024-25.