A French vigilante hacker has made a stunning revelation accusing Prime Minister Narendra Modi of having compromised the personal data of millions of Indians, who had downloaded his personal mobile app.
In a series of tweets, Elliot Alderson alleged that the personal data including emails, photos, genders and names of the users of Modi’s mobile app were being sent to a third party domain without their consent.
Alderson wrote, “When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier …) and personal data (email, photo, gender, name, …) are send without your consent to a third-party domain called http://in.wzrkt.com (sic)”
When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier …) and personal data (email, photo, gender, name, …) are send without your consent to a third-party domain called https://t.co/N3zA3QeNZO. pic.twitter.com/Vey3OP6hcf
— Elliot Alderson (@fs0c131y) March 23, 2018
The French cyber security researcher’s next revelation was even more worrying as he alleged that the domain, where the data of PM Modi’s app users were being sent, was a phishing link, owned by a company G-Data. Phishing is usually designed to steal internet users’ usernames, passwords, and credit card details (and money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. This microsoft link explains everything about phishing and what one should do to not fall victim to its fraud.
Alderson wrote, “This domain is classified as a phishing link by the company G-Data. This website is hosted by
@GoDaddy and the whois info are hidden.”
— Elliot Alderson (@fs0c131y) March 23, 2018
Anderson said that the the domain in question belonged to Clever Trap. He wrote, “After a quick search, this domain belongs to an American company called
@CleverTap. According to their description, “ #CleverTap is the next generation app engagement platform. It enables marketers to identify, engage and retain users and provides developers.”
Anderson asked Modi what he thought of sharing the personal data of ‘your users without their consent to a third-party company.’
He wrote, ” @narendramodi, I know privacy is not your thing but any thoughts about sharing the personal data of your users without their consent to a third-party company?”
Alderson is the same person, who had flagged that digital payments company Paytm was asking its Android users for ‘root access’ to their phones which would have effectively given the company complete access to a user’s device. This led to Paytm to stop asking for the access.
Earlier in March this year, he had also flagged security lapses by government websites that were found to be leaking Aadhaar details. He had written, “Hi @UIDAI and @ceo_uidai, let me show you one of the “unscrupulous elements”. This governmental website is leaking 4769 files. In this open directory you can find biometric data, #Aadhaar card scans and more.”
Reacting to Alderson’s tweets, Congress party’s chief spokesperson, Randeep Surjewala, asked, “IT Minister will not do a press conference on the NaMo App on these allegations of Data Chori! Will the media dare to question Modi ji on the functioning of his App? Will the brain behind this “Data Usurpation” be summoned? What about the 15 Lakh NCC cadets & their privacy?”
IT Minister will not do a press conference on the NaMo App on these allegations of Data Chori!
Will the media dare to question Modi ji on the functioning of his App? Will the brain behind this “Data Usurpation” be summoned?
What about the 15 Lakh NCC cadets & their privacy? https://t.co/unLi2Sj2AW
— Randeep Singh Surjewala (@rssurjewala) March 24, 2018
Surjewala’s ’15 lakh NCC cadets’ jibe was in connection with media reports on how the Director General of NCC had directed units across India to ask their cadets to compulsorily download Modi’s mobile apps by submitting personal data. The directive had said, “Mid March has been fixed for inviting the questions, queries and suggestions from the cadets via Modi App directly to the PM. To this end, the first step is the nominal roll of all the cadets of your DTE (BN wise). The nominal roll should have the Ser No, Name, Mobile No, email ID and remarks.”
The revelation had prompted the social media users to launch #DeleteNaMoApp campaign on Twitter, where the topic remained a top trend all throughout Friday. On Friday, Janta Ka Reporter exclusively reported how the ministry of defence headed by Nirmala Sitharaman may have compromised the personal data of 50 lakh ex-servicemen.