Overview
- A simple IDOR bug let any logged-in user view others’ records by swapping a PAN value in a network request.
- Exposed data included names, addresses, dates of birth, phone numbers, email IDs, bank details and Aadhaar numbers.
- Researchers confirmed the portal was patched in early October after demonstrating the issue to TechCrunch, which verified access to a reporter’s records.
- The flaw affected data for individuals and companies, including some users who had not yet filed returns this year.
- Authorities have not said how long the vulnerability existed or whether it was misused, despite the portal’s scale of over 135 million registered users and about 76 million returns in 2024–25.
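The access-control gap behind this kind of bug, as an added example that is not the portal's code: a record lookup keyed on the client-supplied PAN with only a login check, beside a version that checks the requested PAN against the PANs the session is actually authorised for and records every denial. The records, names, session model and `authorized_pans` field are constructed for illustration.

```python
# Added illustration of an IDOR on a PAN-keyed lookup. All data, names and
# the session model are constructed; nothing here is the portal's real code.
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: PAN -> taxpayer record (fake values).
RECORDS = {
    "ABCDE1234F": {"name": "Taxpayer One", "dob": "1980-01-01", "bank": "XXXX1111"},
    "FGHIJ5678K": {"name": "Taxpayer Two", "dob": "1975-05-05", "bank": "XXXX2222"},
}


@dataclass
class Session:
    user_id: str
    # Assumption: the session carries the set of PANs the user may access
    # (normally just their own; more if some delegated access exists).
    authorized_pans: set
    audit: list = field(default_factory=list)


def get_record_vulnerable(session: Session, requested_pan: str) -> Optional[dict]:
    """Being logged in is the only check; the PAN comes straight from the
    request, so any authenticated user can read any record by changing it."""
    return RECORDS.get(requested_pan)


def get_record_hardened(session: Session, requested_pan: str) -> Optional[dict]:
    """Authorises the object, not just the session: the requested PAN must be
    one the caller is entitled to. Mismatches are denied and written to an
    audit trail, which also makes enumeration attempts visible to monitoring."""
    if requested_pan not in session.authorized_pans:
        session.audit.append({"user": session.user_id, "event": "idor_denied",
                              "requested_pan": requested_pan})
        return None
    return RECORDS.get(requested_pan)


if __name__ == "__main__":
    s = Session("user-1", {"ABCDE1234F"})
    print(get_record_vulnerable(s, "FGHIJ5678K"))  # other user's record leaks
    print(get_record_hardened(s, "FGHIJ5678K"))    # None, and an audit entry
    print(s.audit)
```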