Indane gas

Indane, a state-owned gas provider in India, left a section of its website open to dealers and distributors despite though it is only intended to be accessed with a verified username and password.

An anonymous security researcher who sought to protect his identity out of concern for retaliation from the Indian government discovered the material.

It was found that customer data for 11,000 dealers, including names and addresses of customers, as well as the customers’ confidential Aadhaar numbers hidden in the link of each record were visible after the exposure.

Source: https://techcrunch.com/2019/02/18/aadhaar-indane-leak/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAJkmYYIYQrB7Re4R4wTmxZSmWy3TbFu1pcaz0Uq1O61obYQDDeRz1ogcupPsIbwKbWmfLo6bN_hHQ8unNHgJwPKIlowoWCeMr2ZK1Hs1z5vbUvbRKo1z5vMcjqimPr5QyG0epQJQ6qI-4o6HQRn9rDMGjyEOzCsckR-rUqikAo-G#:~:text=The%20exposure%20comes%20just%20weeks,similar%20to%20Social%20Security%20numbers.

"id": "IND143518223",
"linkid": "indane-gas",
"type": "Data Leak",
"date": "02/2019",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"