Early on Thursday, two Twitter users pointed out the serious data privacy breach problems arising in the DU admit card 2020 download portal, which is part of the official Delhi University website.
Anyone with the ‘gateway password’ can download the admit cards of all students in any Delhi University college.
To get their DU admit cards for the upcoming DU open book exams (OBE) for final-year students, students need to fill in the details on three slots — ‘exam roll no’, ‘student name’ and ‘gateway password’ — on this online portal.
The problem is that the ‘gateway password’ is a single password for each Delhi University college. So each student of a DU college can get access to the personal details of all other students in that college simply by getting the student name and corresponding roll numbers through the list available from the previous semester DU results.
Twitter users Vivek Prasad and Ribhav explained the matter on Twitter with all relevant screenshots from the DU admit card download portal.
What makes matter worse is that the gateway password is itself not very hidden or unique.
This makes the DU online portal privacy breach even more serious as anyone in the world could have access to the personal details of all Delhi University students who filled the form to appear for the upcoming DU open book exams slated for July.
“And this college gateway password can be shared with anyone and everyone in the whole wide world, who will then gain similar access to all the admit cards with addresses, phone numbers and emails! WHAT was DU thinking??” wrote Vivek on Twitter.
What information is available on the DU admit cards?
The scale of the data privacy breach is apparent through the sheer amount of information that is available.
This not only includes the students’ phone numbers, email IDs, and home addresses, but also the name of their father, details of ‘student type’ and the course they are taking.
Here is the info available on each DU admit card:
- College Code
- Course Code
- Part & Sem
- Student Type
- Exam Type
- Exam Roll Number
- Enrollment Number
- Father’s Name
- Date of Birth
- Email ID
- Contact Number
Thus, all these details for every Delhi University student who are supposed to appear for the upcoming DU open book exams for final-year students would be available for people who really want to access them.
Students could be in danger
As a Twitter user pointed out, this data privacy breach could put students in danger from potential stalkers.
“There are also far graver risks that emerge from this blatant disregard for students’ personal data protection,” he said.
Akshay Marathe, a media panelist for Aam Admi Party tweeted that this fiasco could be a danger to the women students in Delhi University and compromise their safety.
Also, this kind of data breach problem is not just limited to Delhi University but crops up now and then in other exams as well.
Delhi University law students seriously affected as college code out on Whatsapp groups
Vivek Prasad stated on Twitter that the nearly 2000 students of the three law centres of the Faculty of Law, University of Delhi were the most affected by Delhi University’s data privacy breach since their college code had been shared on Whatsapp groups.
What could have been done to prevent this data privacy breach?
Both Twitter users who brought this DU admit card download portal’s data privacy breach to the light said that the very minimum that could have been done to avoid such a scenario would be to make the admit cards accessible through unique OTPs shared on each student’s mobile number instead of making all the DU admit cards available to all students in a college.
Another aspect pointed out was that why would DU online open book exams (OBE) need all these details in the first place?
“Finally what is the need to have an Online Admit Card with name, Date of Birth, father’s name, home address, phone number and email ID for an Online Open Book Exam which each student would be taking remotely? Isn’t an Admit Card basically to gain access to a physical location only?” wrote Vivek.
We can only hope that Delhi University and concerned officials will take note of the matter and resolve it immediately to protect the privacy of its students.
As Vivek said in one of his last tweets on the matter, “It was highly disturbing to discover how unsecure the personal data of students is.”
“One hopes that the concerned authorities at Delhi University take immediate steps to secure the personal data of students which can be easily obtained by anyone including anti-social elements now,” he said.
Vivek noted late evening that around eight hours after he had flagged the issue, the DU admit card 2020 download portal doesn’t seem to be working.
“I believe DU is finally in the process of taking action. If one tried logging in now, it does not allow the log in and says that OTP updation is happening. Some relief!” he wrote in a response to one of our queries.