Income Tax e‑Filing Portal: Fix Confirmed, Reader Safety Toolkit

A serious data exposure risk within India’s income tax e‑filing portal was patched. Details, safety level, and a practical checklist are provided below.

🛡️ Status: Fixed (confirmed Oct 2, 2025) Discovered by independent cybersecurity researchers in Bengaluru (IDOR)

Pune Municipal Transport Building, Pune city, representing public infrastructure and governance systems in India. — The Pune Municipal Transport (PMT) Building is used here as a visual cue for public systems. The incident relates to the national e‑filing portal. (Photo: Wikimedia Commons / CC BY‑SA 4.0)

After discovery, the researchers reported the issue to CERT‑In. The matter pertains to the e‑Filing system of the Income Tax Department, under the Ministry of Finance, with platform development associated with the National Informatics Centre. Related reading on Karmactive: misinformation and accountability, copyright and privacy disputes, and large‑scale computing.

Feature Image Link:

Explanation & Current Safety Level

What was found: An IDOR (Insecure Direct Object Reference) permitted a logged‑in user to fetch another taxpayer’s information by altering a request with another PAN.

Data fields involved: names, addresses, phone numbers, email IDs, dates of birth, bank details, and Aadhaar numbers.

Fix status: correction confirmed by the researchers on Oct 2, 2025. The description here relates to the period before that date.

Reader safety level now: Routine precautions advised. The portal was patched; regular password hygiene, updated contact details, and monitoring of accounts remain good practice.

ScopeMore than 135 million users registered; about 76 million filed returns in FY 2024–25.

MechanismServer accepted a PAN swap in a logged‑in request, exposing another user’s record.

StatusResearchers stated the issue was resolved and the portal became safe to continue routine use.

Timeline

September 2025

Discovery during tax filing by two independent researchers.

September 30, 2025

CERT‑In noted the Income Tax Department was addressing the flaw.

October 2, 2025

Researchers confirmed the fix.

Personal Safety Toolkit

Checklist

Enable two‑factor login on the portal

Update password (12+ chars, unique)

Verify contact details on the portal

Review last login and activity

Check bank alerts/UPI SMS/email settings

Refresh Aadhaar‑linked mobile/email

Live Safety Meter

Baseline

Complete the checklist to raise the safety meter. Use strong, unique credentials and keep contact details updated.

Portal references: Income Tax e‑Filing · CERT‑In · Ministry of Finance · NIC

The section included the feature image, an explanation of the IDOR, the current fix status, a safety level indicator, a checklist, a timeline, an open‑source map, and working backlinks to official sources and related Karmactive coverage.

Karmactive Whatsapp group - https://www.whatsapp.com/channel/0029Vb2BWGn77qVMKpqBxg3D

Latest from India

Person holding a smartphone in their hand with red nail polish, wearing a dark shirt against a black background.

UPI Biometric Payments To Start Soon As NPCI And Banks Test Face And Fingerprint Verification

Technology 📅 Oct 2025 UPI Biometric Update: Fingerprint & Face Authentication Planned India’s Department of Financial Services announced upcoming biometric options for UPI, enabling fingerprint and facial recognition for seamless payments and

India Turns Student Ideas into Solutions Through Viksit Bharat Buildathon 2025 Innovation Challenge

Education · Innovation Viksit Bharat Buildathon 2025 The Ministry of Education, in partnership with the Atal Innovation Mission and NITI Aayog, is running a nationwide Buildathon for students in Classes 6–12 to

Snow leopard walking across a snowy Himalayan landscape, symbolizing the rare wildlife protected under India’s first Cold Desert Biosphere Reserve in Spiti Valley.

Spiti Valley UNESCO Biosphere: 7,770 Sq Km Cold Desert Protects 732 Species, 12,000 Inhabitants in Himachal

Conservation Spiti Valley Becomes India’s First Cold Desert Biosphere Reserve Snow leopard, often called the “ghost of the mountains,” photographed in India’s trans-Himalayan terrain — a flagship species now central to Spiti’s

Anant Ambani standing with elephants at Vantara zoo in Jamnagar, Gujarat, during a conservation event.

Supreme Court Clears Vantara Zoo in 32 Days While 88,400 Cases Remain Pending, SIT Report Sealed from Petitioners

Vantara Zoo Case Analysis The Vantara Zoo Supreme Court Case A swift judicial process that raised questions about sealed-cover justice and wildlife regulation in India 32 Days to Resolution 4 SIT Members

Big Bazaar store interior at Esplanade, Kolkata, showing shoppers among refrigerators, TVs, and appliances on display.

From Refrigerators To FMCG, Bills To Fall As GST Restructures Effective Sept 22

GST Change Impact Simulator GST Change Impact Simulator Explore how the new GST rates affect prices of everyday products and calculate your potential savings Select a Product Category: Electronics (TV, Refrigerator, AC)Furniture

Women wearing colorful traditional Maharashtrian sarees and ornate jewelry riding decorated motorcycles with flowers during Gudi Padwa festival procession in Maharashtra, India.

Maharashtra’s Ladki Bahin e-KYC Deadline: 26.34 Lakh Ineligible Cases Found as Government Mandates 60-Day Verification

e-KYC Verification Deadline November 19, 2025 0% Follow These Steps to Complete Your e-KYC Step 1: Visit the Official Portal ▼ Go to the official website ladakibahin.maharashtra.gov.in and look for the e-KYC

Rescue workers from India’s NDRF in orange uniforms searching through boulders and debris after the Chasoti cloudburst in Kishtwar, Jammu & Kashmir, August 2025.

GSI DG Warns ‘Climate and Human Pressures Making Hills Vulnerable’ as 21 Districts Get Early Warnings after 91,000 Landslide Zones Mapped

Heavy rains triggered a deadly landslide near Vaishno Devi shrine in August 2025, killing 34 pilgrims. Just weeks earlier, another disaster at Chasoti killed at least 60 people on the Machail Mata

Income Tax e‑Filing Portal: Fix Confirmed, Reader Safety Toolkit

Explanation & Current Safety Level

Timeline

Personal Safety Toolkit

Sunita Somvanshi

Leave a Reply

Abu Dhabi Hospital Vertiport to Cut Hour-Long Patient Trips to Minutes with Archer’s Electric Flying Taxis

IBR Forgiveness Resumes: “You’re Eligible…” Emails Out, Opt-Out Deadline Oct 21 As Processing Ramps For Millions

Latest from India

UPI Biometric Payments To Start Soon As NPCI And Banks Test Face And Fingerprint Verification

India Turns Student Ideas into Solutions Through Viksit Bharat Buildathon 2025 Innovation Challenge

Spiti Valley UNESCO Biosphere: 7,770 Sq Km Cold Desert Protects 732 Species, 12,000 Inhabitants in Himachal

Supreme Court Clears Vantara Zoo in 32 Days While 88,400 Cases Remain Pending, SIT Report Sealed from Petitioners

From Refrigerators To FMCG, Bills To Fall As GST Restructures Effective Sept 22

GSI DG Warns ‘Climate and Human Pressures Making Hills Vulnerable’ as 21 Districts Get Early Warnings after 91,000 Landslide Zones Mapped

US Launches Anti-Dumping Probe on Indian Solar Panels, Threatening $792M Export Market That Grew Tenfold

5.8 Earthquake Hits Assam: ‘I Thought I Was Dead’

Kerala Brain Infection Crisis: 66 Confirmed Cases, 17 Deaths as Health Officials Report Multiple Amoeba Species

India’s 24-Hour Medical Title Flip-Flop: DGHS Withdraws Ban on ‘Dr.’ Prefix for Physiotherapists Amid Public Debate

VinFast Enters Indian EV Market with VF6 and VF7 SUVs Starting at ₹16.49 Lakh

Maruti’s First Electric SUV Rolls Out: e VITARA Delivers 500km Range Despite 69% Production Slash

Delhi Yamuna Crisis: River Hits 207.39m, 2.06m Above Danger Mark as 10,000+ Flee and Railway Bridge Shuts

Supreme Court Backs E20 Despite 6% Efficiency Drop: Saves ₹1.36L Crore, Cuts 698L Tonnes CO₂