'Tis the season for data leaks and data leak allegations and now, the Indian National Congress is at the centre of a controversy about how it handles data of those who connect to the party's online/social media tools.

Elliot Alderson, who calls himself a French security researcher and who alleged misuse of personal data by the official Narendra Modi app, has now trained his vigilante hacker guns on the Congress.

Alderson, in a series of messages posted on Twitter today morning, claimed that the Indian National Congress's Android app insecurely transmits user information to the party's website.

"When you apply for membership in the official @INCIndia #android #app, your personal data are send encoded through a HTTP request to http://membership.inc.in," Alderson posted on Twitter.

'HTTP' is a relatively insecure internet protocol used to transfer data. 'HTTPS' is its more secure cousin with the 'S' at the end of 'HTTP' standing 'secure' and signifying that the data being transferred using the protocol is encrypted.

Alderson's claim on Twitter centred around the Congress's Android application NOT using the HTTPS protocol, with the implication being user data being transferred using the HTTP protocol could be at risk of getting leaked.

Alderson also went on to claim that the Internet Protocol (IP) address of 'membership.inc.in', the website to which the Congress's Android app allegedly connects to, was located in Singapore. "This server is located in Singapore. As you are an #Indian political party, having your server in #India is probably a good idea," Alderson said on Twitter.

BJP ATTACKS, CONGRESS CLARIFIES

Soon after Alderson made his claims public, Congress's social media in-charge Divya Spandana/Ramya suggested on Twitter that the Android application flagged by Alderson was an old version.

"We don't drive membership through the app, it's done through our website http://www.inc.in. Servers for these are based in Mumbai. As you may have noticed, the link on the app is broken," Spandana/Ramya said.

ALSO READ | Full text: PMO's response to charges around NaMo app forwarding peoples data to a third party app

"We don't collect any personal data through the INC app. We discontinued it a long time ago. It was being used only for social media updates. We collect data for membership and this is through our website http://www.INC.in , this is encrypted," she added.

Notwithstanding the Congress clarification, Bharatiya Janata Party's IT cell head Amit Malviya attacked the party and its president Rahul Gandhi.

"Hi! My name is Rahul Gandhi. I am the President of India's oldest political party. When you sign up for our official App, I give all your data to my friends in Singapore," Malviya said in snarky tweet that followed the same language that Rahul Gandhi used to level similar allegations against PM Narendra Modi's official app.

Hi! My name is Rahul Gandhi. I am the President of India's oldest political party. When you sign up for our official App, I give all your data to my friends in Singapore. pic.twitter.com/ceCTkod17D Amit Malviya (@malviyamit) March 26, 2018

"Hi! My name is Narendra Modi. I am India's Prime Minister. When you sign up for my official App, I give all your data to my friends in American companies," Rahul had said.

ÀLSO WATCH | Rahul, BJP spar over NaMo App: Is your data secure?