The data of thousands of persons who had registered to attend the annual Chithirai festival of the Madurai Meenakshi Amman Temple was leaked via an email sent to those who registered on the temple’s website. The leaked data includes names, contact details, and ID proof (Aadhaar, PAN card, etc). Meanwhile, the officials remained unaware of the incident.
The Chithirai festival is set to be celebrated between April 12 and 21, with the celestial wedding — Meenakshi Thirukalyanam — being held on April 14. The temple management had earlier stated that advance booking of tickets to attend the event would start on April 4 and end by April 7. Devotees could either register on the temple website www.maduraimeenakshi.org or purchase a ticket in person from the Birla Vishram lodge located in Chithirai street.
There were two kinds of tickets announced — Rs 500 and Rs 200. As many as 2,500 Rs 500 tickets and 3,200 Rs 200 tickets were announced for sale. Those who get a ticket would be selected through a lottery system, the temple had said. In order to register, people had to enter their name, contact number, address, e-mail ID, photograph, and ID proof. The accepted ID proofs were PAN card, driving license, Aadhaar card, ration card, passport, voter ID or nationalised bank pass book.
The temple management had said that an email would be sent on April 8 to those selected in the lottery, after which they could make a payment. Instead, an email was sent during the wee hours on April 10. The email of a registered person accessed by TNM says “payment successfully made”, accompanied by a Transaction ID and a link for downloading the ticket proof. This proof was then supposed to be shown at the Birla Vishram guest house to collect the tickets.
However, to the absolute shock of those who received the mail, the link went to a page on the temple website that had all the data of thousands of persons who registered on the website. This data includes addresses and photographs.
“The highlight is I did not make any payment at all, but I received the email. My details, photo and ID proofs have all been compromised,” said a person who registered, seeking anonymity.
Meanwhile, the page was taken down by Sunday afternoon, April 10. The users received an email apologising for the inconvenience caused and stating that the earlier mail was “sent out due to system maintenance.” The mail also said that “it doesn’t confirm the ticket allotment.” However, no further details on whether they were selected have been provided.
Sundaram, based at Thirumangalam, said that it was a disappointment when the details came up in the public. Another devotee who registered for the event, Anjana, said, “I was not much worried about the misuse of data, because I was very happy to attend the event after two years. However, when they said it was a system glitch, I was taken aback as to how it can happen in such a big system. Being able to apply online is a technical development, which is much appreciable. But, the data is going internationally as everyone applies and it is a big threat, because photo, residence proof everything has gone out.”
When TNM contacted the Joint Commissioner of the temple K Chelladurai, he said that the concerned email was sent to twenty persons due to a mistake, which has been rectified. “This was a technical issue. The others have received the proper email and are getting their tickets right now,” he said and added that around 5,000 persons had registered for the Rs 500 tickets (2,500 have been selected) and 4,000 persons had registered for Rs 200 tickets (3,500 persons selected).
Neither the district collector nor the Minister of Hindu Religious and Charitable Endowments Department, PK Sekar Babu, was aware of the massive data leak. Both of them said that the concerned officials will be directed to look into it.
Speaking on this issue, cyber security enthusiast Balaji Vijayaraghavan said that the temple site was itself weak, and that it would not take a cyber security person to get to the backend of the site; a normal website developer could get through without trouble. “There is a basic attack called distributed denial-of-service (DDoS) attack, where when we send heavy packets of data, the site will crash. This website is not even equipped to handle a function as simple as that one. This is not a matter of internet bandwidth availability, but the site does not follow the basic framework,” he said and added that the interesting part about the PDS data leak and this one was that both sites are managed by the same cybernetics company.
Stating that the temple’s website was hacked twice, in 2014 and 2017, Balaji said that this data is now available on the dark web.