Bangladeshi Government Website Breach: Millions at Risk as Personal Information Leaked

A Bangladeshi government website has been discovered to have leaked the personal information of millions of citizens. The leaked data includes full names, phone numbers, email addresses, and national ID numbers, which could potentially lead to severe privacy and security issues for the affected individuals.

The discovery was made by Viktor Markopoulos, a researcher affiliated with Bitcrack Cyber Security. On June 27, Markopoulos stumbled upon the leaked data accidentally while conducting a search related to SQL errors. Realizing the magnitude of the leak, he promptly notified the Bangladeshi e-Government Computer Incident Response Team (CERT) about the situation.

ALSO READ: Step By Step Guide: How To File Cybercrime Complaint Online In India

To verify the authenticity of the leaked data, TechCrunch conducted its own investigation. By utilizing a portion of the leaked information to query a public search tool on the affected government website, TechCrunch was able to retrieve additional data from the leaked database. This included the names of individuals who had applied for registration, and in some cases, the names of their parents. TechCrunch repeated this process with ten different sets of data, all of which returned accurate results.

Although the leaked data has been proven to be genuine, TechCrunch has chosen not to disclose the name of the government website responsible for the leak. This decision is based on the fact that the data is still accessible online, as confirmed by Markopoulos. Furthermore, despite reaching out to various Bangladeshi government organizations via email to request comments and alert them about the data exposure, TechCrunch has yet to receive any responses.

ALSO READ: Looking For Nodal Officers Of Banks, Telecoms, Social Media? Click The Link Here To Fetch Numbers – Details Inside

The leaked data is especially concerning due to the nature of the information exposed. In Bangladesh, every citizen aged 18 and older is issued a National Identity Card, which assigns a unique ID to individuals and is mandatory for accessing various services. Consequently, the leaked data potentially provides unauthorized individuals with the means to exploit sensitive services, such as obtaining driver’s licenses, passports, buying or selling land, and opening bank accounts.

Despite the seriousness of the situation, both the Bangladeshi CERT and government entities have remained silent on the matter.

Markopoulos expressed his astonishment at how easily he stumbled upon the leaked data. According to him, it appeared as a Google search result while he was looking for an SQL error. This incident highlights the potential vulnerabilities and lapses in the security measures employed by the government website.

The leak of personal information such as email addresses, phone numbers, and national ID card numbers not only poses immediate risks to individuals’ privacy but also opens the door for potential abuse. With this type of information, unauthorized individuals could gain unauthorized access, modify or delete applications, and even view Birth Registration Record Verification within the web application.

ALSO READ: Search All India Police Station Phone Numbers & Mail ID Through This Search Engine

The Bangladeshi government now faces the critical task of addressing this security breach, ensuring that the leaked data is promptly removed from public access, and implementing more robust security measures to prevent similar incidents from occurring in the future. The affected citizens deserve swift action to mitigate the potential harm caused by this data exposure and to restore trust in the government’s ability to protect their personal information.

KEY HIGHLIGHTS:

• A Bangladeshi government website has been discovered to have leaked the personal information of millions of citizens.
• The leaked data includes full names, phone numbers, email addresses, and national ID numbers, posing severe privacy and security risks.
• The leak was accidentally discovered by researcher Viktor Markopoulos from Bitcrack Cyber Security on June 27.
• TechCrunch verified the legitimacy of the leaked data by querying a public search tool on the affected government website, confirming the accuracy of the information.
• The leaked data is alarming as it can be used to access, modify, and delete applications, as well as view Birth Registration Record Verification.
• Despite being alerted about the data exposure, Bangladeshi government organizations, including the CERT, have not responded to requests for comment.
• The National Identity Card, issued to every citizen aged 18 and older, is mandatory for accessing various services, making the leaked data even more concerning.
• The ease with which the leaked data was found raises questions about the government website’s security measures and vulnerabilities.
• The Bangladeshi government needs to take immediate action to address the breach, remove the leaked data from public access, and strengthen security measures.
• Restoring trust and ensuring the protection of citizens’ personal information should be a top priority for the government in the wake of this data exposure.

Follow The420.in on

 Telegram | Facebook | Twitter | LinkedIn | Instagram | YouTube