A French cyber security researcher and ethical hacker, Robert Baptiste, on Monday morning tweeted that the official website of Indian Prime Minister Narendra Modi had been compromised and that someone had unauthorised access to the full data on the website. Baptiste, who goes by name of Elliot Alderson on Twitter, says that the person who has unauthorised access to narendramodi.in uploaded a text file on the site server as proof and then alerted him. Baptiste is infamous in India for pointing out the security loopholes and bugs in UIDAI's Aadhaar programme and Aadhaar app.
The website usually contains news about Narendra Modi, his biography, his public schedule as well as has interactive tools for users.
Baptiste tweeted, "Contact has been done with their team... I had a nice chat with the narendramodi.in team. They will take the appropriate measures and solve the issue." From his tweet it is clear that Baptiste is not the one who got the access to narendramodi.in servers. He says that someone else did it and then alerted him. It seems that the team that runs Modi's website noticed tweet from Baptiste and quickly got in touch with him as reported by India Today.
Hi @narendramodi,
A security issue has been detected on your website. An anonymous source uploaded a txt file containing my name on your websites in realtime. He also have a full access to your database. You should contact me in private and start a security audit ASAP!
Regards, pic.twitter.com/AuDupzRlrL— Elliot Alderson (@fs0c131y) January 14, 2019
Earlier Baptiste had tweeted: "Hi @narendramodi, A security issue has been detected on your website. An anonymous source uploaded a txt file containing my name on your websites in realtime. He also have a full access to your database. You should contact me in private and start a security audit ASAP!"
In his next tweet, Baptiste clarified, "PS: The vulnerability is working for the staging subdomain but also for the main website PS1: I didn't upload this file, I'm not that stupid. PS2: The source deleted the file on my request just after I see it."
PS: The vulnerability is working for the staging subdomain but also for the main website
PS1: I didn’t upload this file, I’m not that stupid.
PS2: The source deleted the file on my request just after I see it— Elliot Alderson (@fs0c131y) January 14, 2019
I had a nice chat with the https://t.co/MVQckTvI6L team. They will take the appropriate measures and solve the issue pic.twitter.com/Jg5D8UQk69
— Elliot Alderson (@fs0c131y) January 14, 2019