Flawed Income Tax India website reveals user Tax details

Wednesday, July 16, 2008

Everybody is getting onto the bandwagon to file their returns online, be it from myitreturn.com or https://incometaxindiaefiling.gov.in.

But I just noticed that on Incometaxindiaefiling.gov.in the registration and password reset are quite flawed.

First, you just need a few details about somebody to check all his returns, his earnings and other details. This can be very useful to banks and other services companies that want to know the real earnings of a person or a corporate. It is very easy to get these details by using social engineering (give a lucrative offer and anyone will fall for it).

Let's have a look at the flaws:

1) Registration Flaw - This gives access to address details of a PAN Holder.

You need the PAN number, name and date of birth of your victim, which are very easy to get via social engineering, and you can register as any person whose details you have.

Now after registering you will immediately get the address details of the PAN holder.

2) Forgot Password Flaw - This will give access to a registered user's account with all information such as his income, taxes, his other income sources, tax deducted etc.

Now you need the same details of your victim (name, PAN card number and date of birth). Fill in those details on the Forgot Password page and put the PAN card number as the username.

The best thing in both cases is that the username is the same as your PAN card number, so even if you are not aware of the username there is no need to worry, it's the PAN card number, buddy.

On a serious note, so many people around you have access to these personal details, for example cellular service providers like Bharti Airtel and Vodafone, and there have been multiple instances when these providers have sold customer details to third parties such as banks, mortgage companies, leisure resort companies etc. (I had a very bad experience with Bharti Airtel.)

The loan agents who come to collect your details for a bank account, bank loan, credit card or share trading account have all your details, and it is so easy for them to go ahead and modify your password, log in to your account and then sell you services or, even worse, collect all these details and sell them to the Russian mafia for $5 each, and it just gets worse from here.

Many bad things can happen. The Income Tax India website needs an overhaul in the way both of these mechanisms work, or else it will be a great threat to the nation and its people.
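To make the reset flaw concrete, here is an added sketch (not the website's code and not from the original post) that puts a reset relying only on PAN, name and date of birth beside one that requires a one-time token sent to the contact registered with the account. The record layout, the `OUTBOX` stand-in for a mail/SMS gateway, the 10-minute lifetime and all sample values are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

# Constructed sample record; PAN, name, DOB and contact are made-up values.
# Password hashing is left out to keep the focus on the reset logic.
USERS = {"ABCDE1234F": {"name": "A KUMAR", "dob": "1980-01-01",
                        "contact": "a.kumar@example.invalid", "pw": "old"}}
TOKENS = {}       # username -> (sha256 of token, expiry timestamp)
OUTBOX = []       # stands in for the e-mail/SMS gateway (assumption)
TOKEN_TTL = 600   # seconds (assumed lifetime)


def weak_reset(pan, name, dob, new_pw):
    """Flawed design from the post: static identity facts are the only proof."""
    u = USERS.get(pan)
    if u and u["name"] == name and u["dob"] == dob:
        u["pw"] = new_pw
        return True
    return False


def request_reset(pan, now=None):
    """Hardened step 1: send a one-time token to the contact on file."""
    now = time.time() if now is None else now
    u = USERS.get(pan)
    if u:
        token = secrets.token_urlsafe(32)
        # Store only a hash, so a leaked token table cannot be replayed.
        TOKENS[pan] = (hashlib.sha256(token.encode()).hexdigest(), now + TOKEN_TTL)
        OUTBOX.append((u["contact"], token))
    # Same reply whether or not the account exists.
    return "If the account exists, a reset link has been sent."


def confirm_reset(pan, token, new_pw, now=None):
    """Hardened step 2: only the holder of the delivered token may set a password."""
    now = time.time() if now is None else now
    entry = TOKENS.pop(pan, None)   # single use: consumed on the first attempt
    if entry is None or now > entry[1]:
        return False
    digest = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(digest, entry[0]):
        return False
    USERS[pan]["pw"] = new_pw
    return True
```

In the hardened flow, knowing someone's PAN, name and date of birth only triggers a message to the real account holder; it never changes the password by itself.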

PS: Do not misuse this feature and blame me.


Anonymous said...

If the govt cannot secure itself, how will it save us Indians? UPA needs to make way for other parties.
