On Thursday, two users, Vivek Prasad and Ribhav, reported the serious data privacy breach problems while downloading the DU admit card 2020 from the official Delhi University website.
To access the admit cards for the upcoming Open Book Examination (OBE) for final year students, the mandatory details to be filled included- ‘Exam Roll no. ‘, ‘Student’s Name’ and ‘Gateway Password’. The problem is that the ‘Gateway Password’ for each Delhi University college is the same. It implies any student of a college can get access to personal details of all the other students in the college by merely entering the student’s name and Roll number. Through this, one can easily get sensitive information on the admit card like email ID, phone number, and home address.
Making the situation worse is the fact that the gateway password in itself isn’t unique. It is the same as the college code. And college codes of all DU colleges are readily available on the public domain. Thus, anyone can get access to anyone’s or everyone’s personal information irrespective of being from different colleges.
Akshay Marathe, a media panelist for Aam Aadmi Party, tweeted that this blunder could be a danger to the women students in Delhi University and compromise their safety.
Vivek Prasad tweeted that the personal information of around 2000 law students of Delhi University is on the stake as their college code had been shared on WhatsApp groups.
Both the Twitter users also stated a solution to the problem saying that admit cards must be accessible through unique OTPs shared on each student’s mobile number instead of making all the DU admit cards available to all students in a college. Vivek also questioned the ultimate purpose of an admit card. “Finally what is the need to have an Online Admit Card with name, Date of Birth, father’s name, home address, phone number, and email ID for an Online Open Book Exam which each student would be taking remotely? Isn’t an Admit Card basically to gain access to a physical location only?” he wrote.