Tuesday 22 November 2016

PDS website in Kerala hacked, affecting over 34 million people

An Indian hacker living in Tokyo hacked the Public Distribution System's website of the Indian state of Kerala and published its data on Facebook. The breach has affected over 34 million people of the state.

The breach came to light when the hacker broke into the Kerala government’s civil supplies department website and published the confidential data of all of Kerala’s 8,022,360 Public Distribution System (PDS) beneficiaries and their family members on Facebook.

The hacked database reveals names, addresses, birth dates, gender, monthly incomes, electoral card details, and consumer numbers of power and cooking gas connections. This leak is considered the biggest breach in the world.


According to a cyber security expert in Dubai, “The data could be used to duplicate SIM cards or reset net banking passwords. It’s very serious.”

The hacker, N.T.R., works as a Tokyo-based IT consultant. He hacked the website (civilsupplieskerala.gov) to expose its security flaws after he grew tired of trying to draw officials' attention to them. The website is designed, developed and hosted by India’s National Informatics Centre (NIC).

“I wrote to the NIC several times pointing to the vulnerabilities and even called the civil supplies office warning them about a possible breach, but they ignored me. I had no option but to make the information public in a Facebook post,” N.T.R., a native of Thiruvananthapuram, said from Tokyo.

According to reports, the Kerala government had put the list online so that residents could verify their personal data and apply for corrections before new ration cards are printed in 2017.

“It was foolish on their part to put all ration card numbers on the website. All I had to do was make a data set of these numbers and then fetch the corresponding data for each number. It was simple as the security methods on the website were primitive. It took me just one week to access and transfer around 100GB of data. I am appalled no one raised the red flag despite the fact that I used the same IP address to make over 30 million requests,” said N.T.R.
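The pattern described in the quote above, one source address requesting a very large number of distinct record identifiers, is something a log review can surface. The following is an added example, not part of the article or of the site's code; the log format, the `/lookup` path, the `card` parameter and the threshold are all assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Combined-log-style request line. The /lookup path and "card" parameter are
# hypothetical; the article does not describe the site's URL scheme.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) HTTP/[\d.]+" (\d{3})')
CARD_RE = re.compile(r"[?&]card=(\d+)")


def enumeration_suspects(lines, max_distinct_ids=5):
    """Return {ip: distinct_id_count} for clients that looked up more distinct
    record identifiers than max_distinct_ids (an assumed per-household limit)."""
    ids_by_ip = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore malformed or non-GET lines
        ip, path, _status = m.groups()
        card = CARD_RE.search(path)
        if card:
            # Count failed lookups too: guessing identifiers also produces misses.
            ids_by_ip[ip].add(card.group(1))
    return {ip: len(ids) for ip, ids in ids_by_ip.items()
            if len(ids) > max_distinct_ids}


def build_sample_log():
    """Constructed log lines: one client walking through identifiers, two normal users."""
    fmt = '{ip} - - [22/Nov/2016:10:00:{s:02d} +0000] "GET /lookup?card={c} HTTP/1.1" {st} 512'
    lines = [fmt.format(ip="198.51.100.7", s=i % 60, c=1000000000 + i,
                        st=200 if i % 4 else 404) for i in range(40)]
    # A resident re-checking one record several times.
    lines += [fmt.format(ip="203.0.113.20", s=i, c=1000000555, st=200) for i in range(3)]
    # A resident checking two family cards.
    lines += [fmt.format(ip="203.0.113.21", s=i, c=1000000700 + i, st=200) for i in range(2)]
    lines.append("garbled line that does not parse")
    return lines


if __name__ == "__main__":
    for ip, count in enumeration_suspects(build_sample_log()).items():
        print(f"{ip}: {count} distinct record identifiers requested")
```

Counting distinct identifiers rather than raw requests keeps a resident who reloads their own record from being flagged while still catching a client that walks through the number space.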
