Zack Whittaker

SCOOP: India's income tax authority has fixed a major bug that was exposing sensitive taxpayers' data to any other signed-in user, according to the researchers who found the bug.

TechCrunch's @jagmeets13 verified the data exposure by asking the researchers to check his own records.

https://techcrunch.com/2025/10/07/security-bug-in-indias-income-tax-portal-exposed-taxpayers-sensitive-data/

Exclusive: Bug in India's income tax portal exposed taxpayers’ sensitive data

TechCrunch verified that the security bug in the Indian Income Tax Department's e-Filing portal exposed taxpayers' data to other users. The security researchers who found the flaw say the data leak is now fixed.

TechCrunch
Oct 7 at 2:31pmWeb
Show threadZack WhittakerOct 7

The bug (known as an IDOR) was really easy to exploit, thanks to a lack of security checks at the server-side. Anyone logged in to India's income tax dept's e-Filing system could've accessed the sensitive financial and personal information of anyone else.

The e-Filing system has over 135 million registered users. đź« 

https://techcrunch.com/2025/10/07/security-bug-in-indias-income-tax-portal-exposed-taxpayers-sensitive-data/

Exclusive: Bug in India's income tax portal exposed taxpayers’ sensitive data

TechCrunch verified that the security bug in the Indian Income Tax Department's e-Filing portal exposed taxpayers' data to other users. The security researchers who found the flaw say the data leak is now fixed.

TechCrunch