In a major security breach, a government website in Bangladesh inadvertently disclosed sensitive personal information of its citizens. The Massive Data Breach data includes full names, phone numbers, email addresses, and national ID numbers.
Researcher Discovers Massive Data Breach:
Viktor Markopoulos, a researcher affiliated with Bit crack Cyber Security, stumbled upon the breach. On June 27 he promptly notified the Bangladeshi e-Government Computer Incident Response Team (CERT). Markopoulos estimates that millions of Bangladeshi citizens’ data has suffered compromise.
Massive Data Authenticity Confirmed
A news website verified the authenticity of the leaked data. Using cross-referencing a portion of it with a public search tool on the affected government website. The search yielded additional data from the leaked database. Data including applicants’ names and, in some cases, the names of their parents. They repeated this verification process with 10 different data sets, and each data set returned accurate information.
Out of concern for ongoing data exposure, the website has refrained from disclosing the name of the government website. Despite reaching out to various Bangladeshi government organizations via email to notify them of the data exposure. Despite our efforts to seek comments, we have not received any response thus far.
Bangladesh issues a National Identity Card to all citizens aged 18 and above. Moreover, each ID card assigns a unique ID to each individual. Importantly, this card is mandatory and enables access to a wide range of services, including obtaining a driver’s license, passport, engaging in land transactions, and opening bank accounts.
Despite efforts made, requests for comments from Bangladesh’s CERT, government press office, embassy in Washington, D.C., and consulate in New York City have unfortunately gone unanswered.
Markopoulos emphasized the ease with which he discovered the exposed data. Specifically, he found it while conducting a Google search for an SQL error, where it appeared as the second result. Notably, SQL is a language commonly used for managing data in databases.
The disclosure of email addresses, phone numbers, and national ID card numbers is deeply concerning. However, Markopoulos warns that the implications go beyond that. He cautions that this information could potentially be exploited within the web application itself, leading to unauthorized access, modification or deletion of applications, and even unauthorized viewing of the Birth Registration Record Verification
