App flaw exposes data of millions of Indian students and teachers

A security flaw in the mandatory "Diksha" app operated by the Education Ministry, which became an important tool for giving students access to coursework while at home during the pandemic, exposed the data of millions of Indian students and teachers for more than a year when a cloud server hosted on Microsoft Azure was left unprotected. In 2022, Human Rights Watch found that Diksha was able to track students location, and shared data with Google, which indexed more than 100 files from the unprotected server as early as 2018.

https://www.wired.com/story/diksha-india-education-app-data-exposure/

Writer: Vittoria Elliott and Dhruv Mehrotra

Publication: Wired