Project Chintan

UMANG portal flaws exposed user data across hundreds of services, researchers find

Security researchers have identified significant vulnerabilities in the Indian government's UMANG mobile application and web portal. The flaws reportedly exposed sensitive personal information across hundreds of integrated public services, including pension details and biometric identification numbe

By Project Chintan Newsroom
14 July 2026 · 1 min read
UMANG portal flaws exposed user data across hundreds of services, researchers find

Security researchers discovered critical flaws in the Unified Mobile Application for New-age Governance (UMANG) portal, which serves as a central hub for hundreds of Indian government services. The vulnerability allowed for the potential exposure of sensitive user data due to improper API security configurations.

The findings indicate that the exposed data includes Universal Account Numbers (UAN) associated with the Employees' Provident Fund Organisation (EPFO) and Aadhaar numbers linked to various service profiles. Additionally, researchers noted that transaction history and details regarding LPG cylinder bookings with major oil marketing companies were accessible.

While the developers have since been notified to address these security gaps, the incident highlights ongoing challenges in securing centralized digital infrastructure used by millions of citizens. The researchers emphasized that the vulnerability could have permitted unauthorized access to a vast database of citizen records without requiring user interaction.

Source: UMANG portal flaws exposed user data across hundreds of services, researchers find

Related stories