
The Unique Identification Authority of India (UIDAI) has announced the launch of its first structured Aadhaar Bug Bounty Programme aimed at strengthening the security of Aadhaar-related digital platforms. The initiative invites cybersecurity experts and ethical hackers to identify vulnerabilities in key UIDAI systems and report them responsibly.
According to the official announcement, the programme is designed to enhance security by leveraging the expertise of independent researchers who can help detect weaknesses that may not surface during routine security audits.
Prize and reward structure
Participants who discover and responsibly report security vulnerabilities will receive rewards depending on the severity of the issue identified.
The vulnerabilities are categorised into four levels:
Critical
High
Medium
Low
Rewards will vary based on the impact and seriousness of the vulnerability discovered. The objective is to encourage responsible disclosure while strengthening Aadhaar’s cybersecurity framework.
How the programme works
Under the Bug Bounty Programme, selected security researchers will test several UIDAI digital platforms. These include:
UIDAI official website
myAadhaar portal
Secure QR Code application
Researchers will examine these platforms for potential security gaps. Any vulnerability identified must be reported responsibly through the defined disclosure process. UIDAI will then assess the report and determine the severity level before issuing rewards.
Eligibility criteria
The programme currently involves a limited group of cybersecurity professionals. UIDAI has selected a panel of 20 experienced security researchers and ethical hackers to participate in the initial phase of the initiative.
These experts were chosen based on their experience in vulnerability research and cybersecurity practices. The programme is therefore not open to the general public at this stage.
Terms and conditions participants should know
Participants must follow responsible disclosure practices when reporting vulnerabilities. Key conditions include:
Vulnerabilities must be reported directly to UIDAI through the official programme channels.
Researchers must avoid exploiting or publicly disclosing vulnerabilities before reporting them.
Testing should only be conducted on approved UIDAI platforms covered under the programme.
Rewards will depend on the severity classification assigned by UIDAI.
UIDAI is conducting the programme in partnership with cybersecurity firm ComOlho IT Private Limited, which will assist in managing the initiative.
Why UIDAI launched this programme
UIDAI stated that cybersecurity is critical in the digital ecosystem, especially for platforms handling large-scale identity data. The authority already uses multiple layers of protection including security audits, vulnerability assessments, penetration testing, and continuous monitoring.
The Bug Bounty Programme adds another layer of defence by allowing independent experts to help identify hidden risks and strengthen the security of Aadhaar digital services.