HQ/EMEAFind out how we can help your business
The Bangladesh government website exposed the personal data of its citizens. The confirmed information included in the leaked details are names, phone numbers, email addresses and national ID numbers.
Based on reports, a security researcher accidentally found the data leak last month. He immediately contacted the Bangladeshi e-Government Computer Incident Response Team (CIRT) about the attack. The researcher claimed that the exposed details contain Bangladesh-native information.
The country has now removed the exposed data from the Bangladesh government website.
Earlier this week, the country’s security team took down the exposed data on the Bangladesh government website.
A separate research group verified the leaked data and found it legitimate. The group has completed their analysis by utilising a portion to query a public search tool on the impacted website.
The website returned other information in the leaked database using the queuing method. The info returned from the study includes the name of a person who applied to register and the name of their parents. The researchers then attempted ten sets of individuals, all returning correct data.
Every Bangladeshi aged 18 and above is issued by its government a National ID Card. The ID is mandatory and allows its citizens to access several services like acquiring driver’s licenses, purchasing, or selling properties, opening bank accounts, and getting a passport, among others.
As of now, the Bangladeshi government has yet to disclose any statement about the origin of the data leak. Hence, its source could be malicious or merely a misconfiguration.
On the other hand, the researcher who discovered the leak said that finding the data was too easy. The exposed data appeared on Google results even though he did not intend to search for it. The researcher explained that he was scouring the internet for SQL errors, and the Bangladeshi data suddenly appeared.
Cybersecurity experts said that exposing these details could negatively impact its owners since malicious actors could acquire and use them for other illegal purposes. Furthermore, individuals affected by such events could be prone to attacks, such as phishing campaigns.
