I Hacked India's Gst Portal–11.8m Taxpayers Exposed; Enabling Stock Manipulation

Posted4 months ago

LuD1161

6 points

1 comments

aseem-shrey.medium.comTechstory

calmneutral

Debate

20/100

SecurityData LeakGst Portal

Key topics

Security

Data Leak

Gst Portal

A security researcher discovered a vulnerability in India's GST portal, exposing 11.8M taxpayers' data.

Snapshot generated from the HN discussion

Discussion Activity

Light discussion

First comment

N/A

Peak period

Start

Avg / period

Key moments

01Story posted
Sep 7, 2025 at 4:30 AM EDT
4 months ago
Step 01
02First comment
Sep 7, 2025 at 4:30 AM EDT
0s after posting
Step 02
03Peak activity
1 comments in Start
Hottest window of the conversation
Step 03
04Latest activity
Sep 7, 2025 at 4:30 AM EDT
4 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (1 comments)

Showing 1 comments

LuD1161Author

4 months ago

I found an Insecure Direct Object Reference(IDOR0 security issue that led to leaking GST challans (receipts) of all the 11.8M registered taxpayers. Here's the full story alongwith a video PoC.

Note: No personal data was ever shared or harvested. This was responsibly disclosed to the authorities through proper channels and only after the disclosure timeline (120 days) was it published in the online media.

View full discussion on Hacker News

ID: 45156441Type: storyLast synced: 11/17/2025, 6:02:42 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN