Critical DigiLocker Vulnerabilities Put 3.8 Crore Users at Risk: Researcher By Techtonic group The Indian government's ' DigiLocker ' online cloud service reportedly had a critical authentication flaw that could have potentially allowed hackers to access personal data of 38 million (3.8 crore) users. That's according to cyber-security researcher, Ashish Gahlot, who says he discovered the vulnerability while analyzing its platform's authentication mechanism. In a detailed post on Medium , he claimed that the vulnerability allowed him to intercept the connection and bypass the authentication with just a simple script. According to him: "So we can just write a python script ... and by just knowing the username we can change the password of ANY USER" . As it turns out, the flaw allowed anyone with sufficient skills to change the PIN of someone else's account even without a password . The flaw could also have potentially allowed malicious act...