A Bangladeshi authorities web site leaked the non-public info of residents, together with full names, telephone numbers, e mail addresses and nationwide ID numbers. TechCrunch studies: Viktor Markopoulos, a researcher who works for Bitcrack Cyber Safety, stated he unintentionally found the leak on June 27, and shortly after contacted the Bangladeshi e-Authorities Laptop Incident Response Workforce (CERT). He stated the leak consists of knowledge of tens of millions of Bangladeshi residents. TechCrunch was in a position to confirm that the leaked knowledge is reliable by utilizing a portion to question a public search instrument on the affected authorities web site. By doing this, the web site returned different knowledge contained within the leaked database, such because the title of the one who utilized to register, in addition to — in some circumstances — the title of their mother and father. We tried this with 10 completely different units of information, which all returned right knowledge.
TechCrunch is just not naming the federal government web site as a result of the info continues to be accessible on-line, in response to Markopoulos, and we have not heard again from any of the Bangladeshi authorities organizations that we emailed asking for remark and alerting of the info publicity. In Bangladesh, each citizen aged 18 and older is issued a Nationwide Identification Card, which assigns a novel ID to each citizen. The cardboard is obligatory and offers residents entry to a number of providers, corresponding to getting a driver’s license, passport, shopping for and promoting land, opening a checking account, and others.
Markopoulos stated discovering the info “was too simple.” “It simply appeared as a Google consequence and I wasn’t even intending on discovering it. I used to be Googling an SQL error and it simply popped up because the second consequence,” he instructed TechCrunch, referring to SQL, a language designed for managing knowledge in a database. The publicity of e mail addresses, telephone numbers and nationwide ID card numbers is unhealthy by itself, however Markopoulos stated that having any such info might additionally “be used within the net software to entry, modify, and/or delete the purposes in addition to view the Start Registration Document Verification.”
