The Indian Authority mandates single-point vulnerability

In India, there are multiple issues to catch up on. I’ve encountered many in my day-to-day life, with no way out and zero accountability from authorities. This is my personal opinion post—I know it might spark debate, and it may not suit 98% of Indians who don’t know what vulnerability means or how it can destroy a life if targeted at someone’s personal details.

This is one example that’s growing fast in India, and I don’t see anyone concerned. But soon, it’ll be a single-point vulnerability: one hack, and a person’s life is finished. Yeah, we can debate or discuss – there are reporting mechanisms, but how successful are they in India? Numbers from the internet show how serious we are about cyber fraud and security.

EPFO

Every working-class Indian knows this department, or I can say it’s mandatory for us. Recently, one of my friends reported unauthorized transactions from his EPF account. I logged in and saw the bank details were his own. I told him, “It’s okay, right? The amount credited to your account.” He said yes, but within 10 minutes, it was transferred to 2-3 other accounts. That got me furious—how the hell did this happen? I was sure he shared an OTP with scammers, leading to this cyber fraud. What I found wasn’t rocket science: a simple RAT (remote administration tool) attack. But the massive concern here is forcing people to use the same number, letting attackers compromise life savings from a single point.

EPFO forces us to link the same mobile number to UAN and Aadhaar (not just linking UAN to Aadhaar—that’s separate—but trapping us with the same number). Or face errors on the EPFO site: “Dear Member, your mobile number linked with UAN doesn’t match with Aadhaar linked mobile.”

EPFO Forcing same number
Why can’t I keep both separate?

As a smart/paranoid person, I dodge scams with separate numbers (personal number for UAN/banking – my everyday one – and a family or dumb phone for Aadhaar as backup, to save me if the primary gets hacked or swapped). But nope, the authority mandates this single-point vulnerability. One hack, and everything’s exposed.

No accountability from anyone. It’s like the Indian authority is handing cyber crooks a golden key on a platter, screwing the common man. This is a massive single-point failure. One SIM swap or hack, and your entire life (PF, bank, subsidies) is gutted.

Pros: Sure, seamless OTP verification and traceability. But in 2025, with cybercrimes nearing 25 lakh cases and solve rates scraping near nothing% in many states (national double-digit but abysmally low resolution), it’s criminal negligence.

No common sense: Linking UAN-Aadhaar is fine for verification and person identification – but at least let us split informational (notifications/login) vs. transactional (high-risk OTPs) numbers. Instead, they’re gifting crooks a master key while victims rot with zero accountability.

I see the same trend with banks and financial institutions—no one cares how big this threat is by dumping all day-to-day info/notifications/auth and high-risk verifications on a single channel: the mobile number, while cyber fraud conviction rates are nowhere near addressing the security concerns.