A recent discovery by researcher Viktor Markopoulos has unveiled a serious data breach on a Bangladeshi government website, resulting in the leakage of personal information belonging to millions of citizens.
TechCrunch, the first to report on the incident, revealed that the leaked data included sensitive details such as full names, phone numbers, email addresses, and national ID numbers. Markopoulos identified the leak on June 27 and promptly reported his findings to the Bangladeshi e-Government Computer Incident Response Team (CERT).
According to Markopoulos, finding the leaked data was surprisingly straightforward, as it appeared in the search results of a Google query related to an SQL error. TechCrunch independently verified the authenticity of the leaked data by using a portion of it to query a public search tool on the affected government website.
This process returned additional data from the leaked database, including the names of individuals who had applied for registration, and in some cases, the names of their parents.
Despite the gravity of the situation, TechCrunch’s attempts to contact various Bangladeshi government organizations regarding the issue were unsuccessful. As a result, the name of the compromised government website has not been publicly disclosed, as it continues to expose citizens’ data to unauthorized access.
The compromised information leaves affected citizens vulnerable to identity theft and potential scams. Markopoulos warned that threat actors could exploit this data to gain unauthorized access to the web application on behalf of citizens, enabling them to manipulate or delete applications and even view Birth Registration Record Verifications.
Urgent action is required to address this alarming security breach and protect the privacy and security of Bangladeshi citizens.
