Names, phone numbers, email addresses, and ID numbers of people of Bangladesh were exposed on a government website.
The leak itself was due to a weakness in their website's security, as a Bitcrack Cyber Security researcher discovered an unprotected government web portal containing a vast library of personal citizen information.
Discovering the Flaws
On June 27, Bitcrack Cyber Security researcher Viktor Markopoulos stumbled upon a leak containing millions of Bangladeshi citizens' personal information. By doing a public search on the impacted government website, TechCrunch, an American online tech newspaper, was able to confirm the accuracy of the material that had been revealed.
Through this, the website returned additional information from the stolen database, such as an applicant's name and even their parents in certain cases. The researchers tried this with ten separate sets of data, and each time, they got the right answers.
Contents of the Leak
Every citizen of Bangladesh who is 18 years of age and older, must register and possess a National Identity Card in order to access legal services such as bank accounts, driver's licenses, passports, and lands purchased.
Neither the country's press office(CERT), embassy, or consulate has responded to queries and demands for comments as of present.
When Markopoulos mentioned SQL, a language used for managing database data, he mentioned that he found the data through Google. It is troubling to have private information such as email addresses, phone numbers, and national ID card numbers exposed because it could be used to view, alter, and delete applications as well as view the Birth Registration Record Verification."
Due to the continued availability of the page as well as the Bangladesh government's lack of remarks, TechCrunch will not be naming the official government website.
Related Article : Bangladesh Is On The Path To Becoming An Important Regional Tech Hub