Image Source: India Today

Serious data privacy breach at DU admit card 2020 download portal

| New Delhi |

A serious data privacy breach on the DU admit card 2020 download portal was noted by two Twitter users. Personal details of all Delhi University students are now easily available to the public.
Early on Thursday, two Twitter users pointed out the serious data privacy breach problems arising in the DU admit card 2020 download portal, which is part of the official Delhi University website.
Anyone with the �gateway password� can download the admit cards of all students in any Delhi University college.
To get their DU admit cards for the upcoming DU open book exams (OBE) for final-year students, students need to fill in the details on three slots -- �exam roll no�, �student name� and �gateway password� -- on this online portal.
The problem is that the �gateway password� is a single password for each Delhi University college. So each student of a DU college can get access to the personal details of all other students in that college simply by getting the student name and corresponding roll numbers through the list available from the previous semester DU results.
This data breach leaves sensitive information on each admit card such as student name, phone number, and home address easily available to all the students in a particular DU college, and even the wider world who have access to the gateway password.
Twitter users Vivek Prasad and Ribhav explained the matter on Twitter with all relevant screenshots from the DU admit card download portal.
What makes matter worse is that the gateway password is itself not very hidden or unique.
As Twitter user Ribhav noted, the gateway password is the same as the college code, and college codes of all DU colleges are also easily available on the public domain or shared amongst many students.
This makes the DU online portal privacy breach even more serious as anyone in the world could have access to the personal details of all Delhi University students who filled the form to appear for the upcoming DU open book exams slated for July.
�And this college gateway password can be shared with anyone and everyone in the whole wide world, who will then gain similar access to all the admit cards with addresses, phone numbers and emails! WHAT was DU thinking??� wrote Vivek on Twitter.
The scale of the data privacy breach is apparent through the sheer amount of information that is available.
This not only includes the students� phone numbers, email IDs, and home addresses, but also the name of their father, details of �student type� and the course they are taking.
As a Twitter user pointed out, this data privacy breach could put students in danger from potential stalkers.
�There is a very real risk of a potential stalker getting hold of phone number, email ID &home address of a potential victim through the Delhi University Online Admit Card,� said Vivek Prasad on Twitter.
�There are also far graver risks that emerge from this blatant disregard for students' personal data protection,� he said.
Akshay Marathe, a media panelist for Aam Admi Party tweeted that this fiasco could be a danger to the women students in Delhi University and compromise their safety.
Also, this kind of data breach problem is not just limited to Delhi University but crops up now and then in other exams as well.
Delhi University law students seriously affected as college code out on Whatsapp groups
Vivek Prasad stated on Twitter that the nearly 2000 students of the three law centres of the Faculty of Law, University of Delhi were the most affected by Delhi University's data privacy breach since their college code had been shared on Whatsapp groups.
Both Twitter users who brought this DU admit card download portal�s data privacy breach to the light said that the very minimum that could have been done to avoid such a scenario would be to make the admit cards accessible through unique OTPs shared on each student�s mobile number instead of making all the DU admit cards available to all students in a college.