IFF explains: An Election Commission vulnerability that could expose your phone number!


On December 15th, 2021, CERT-IN reached out to the Election Commission of India (ECI) IT team, which patched a vulnerability in the ECI’s National Voters Service Portal website that allowed access to unredacted, registered phone numbers of voters. Though this was fixed, awareness about the issue and its consequences are limited. Keeping that in mind, IFF, along with Sai Krishna Kothapalli, the independent researcher who came across this technical snag, attempt to provide you with a background of the issue, explain the loopholes that caused this vulnerability and elaborate on the consequences of privacy breach of citizens.

This is a companion discussion topic for the original entry at https://internetfreedom.in/ec-vulnerability-ph-number/