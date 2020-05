Ethical Hacker Elliot Alderson, a Twitter alias on the American television series character “Mr Robot”, on May 5 tweeted that there were security issues with the COVID-inspired Aarogya Setu app.

He tagged the app’s handle and said: "A security issue has been found in your (Aarogya Setu) app. The privacy of 90 million Indians is at stake. Can you contact me in private?"

Hi @SetuAarogya, A security issue has been found in your app. The privacy of 90 million Indians is at stake. Can you contact me in private? Regards, PS: @RahulGandhi was right — Elliot Alderson (@fs0c131y) May 5, 2020

In the thread, the hacker said that he was waiting a fix before disclosing the issue publicly. He pointedly said that the app has put data of 90 million Indians at risk.

To be super clear: - I'm waiting a fix from their side before disclosing publicly the issue. Putting the medical data of 90 million Indians is not an option. - I have a very limited patience, so after a reasonable deadline, I will disclose it, fixed or not. — Elliot Alderson (@fs0c131y) May 5, 2020

49 minutes after this tweet, @IndianCERT and @NICMeity contacted me. Issue has been disclosed to them. — Elliot Alderson (@fs0c131y) May 5, 2020

He had previously exposed multiple vulnerabilities in the Aadhaar app and kicked up a storm on social media by claiming he found massive loopholes in the Aadhaar’s mobile application on Google that allowed anyone with basic coding knowledge to gain user data.

He had also drawn attention of cybersecurity flaws in several Indian organisations including ISRO, BSNL, India Post, and Paytm.