A website run by the government of Bangladesh leaks the personal information of its residents, including their complete names, telephone numbers, email addresses, and national identification numbers.
According to Viktor Markopoulos, a researcher who works for Bitcrack Cyber Security, he unintentionally found the leak on June 27. Shortly after that, he alerted the Bangladeshi e-Government Computer Incident Response Team (CERT). He stated that the leak included the personal information of millions of people who are nationals of Bangladesh.
TechCrunch was able to establish beyond a reasonable doubt that the data that was compromised is accurate by utilizing a piece of it to perform a search query on a public search engine that was available on the website of the relevant government agency. This action caused the website to return further data that was present in the compromised database.
These other pieces of information included the name of the individual who had submitted an application to register, as well as, in some instances, the names of the individual’s parents. This was attempted with ten separate sets of data, all of which produced accurate results when analyzed.
TechCrunch will not disclose the name of the official website since, according to Markopoulos, the data can still be accessed online. Furthermore, we have not received a response from any of the Bangladeshi government agencies that we approached in an effort to get a comment and warn them of the data exposure.
A National Identity Card, which provides a one-of-a-kind identification number to each person of Bangladesh and is granted to anybody above the age of 18, is mandatory for all adults in the country. The card is required of all citizens and grants them access to a variety of services, including the ability to obtain a driver’s license or passport, to purchase or sell property, to create a bank account, and to do a number of other things.
Speaking about the bangladesh government website that Leaks personal data, The Bangladeshi Central Emergency Response Team (CERT), the press office of the Bangladeshi government, the Bangladeshi embassy in Washington, District of Columbia, and the Bangladeshi consulate in New York City did not respond to requests for comment.
According to Markopoulos, the process of locating the data “was too easy.”
“I had no intention of ever looking for it, but there it was as a result on Google when I searched for something else. “I was Googling a SQL error and it just popped up as the second result,” he told TechCrunch, referring to SQL, which is a language built for handling data in a database.
Read Also;Reddit Goes Down Just As A Site-Wide Protest Against Its Unpopular New API Policy kicks Off
The exposure of email addresses, phone numbers, and national ID card numbers is problematic in and of itself, but Markopoulos also said that having this type of information could “be used in the web application to access, modify, and/or delete the applications as well as view the Birth Registration Record Verification.” This is a particularly troubling remark because it suggests that the information could be exploited to view the verification of birth registration records.
Follow our socials Whatsapp, Facebook, Instagram, Twitter, and Google News.
