Over 5 crore Bangladeshi citizens' data 'remains exposed' online
An alleged security exploit in a Bangladeshi government website has resulted in the exposure of sensitive personal information belonging to millions of Bangladeshi citizens on the internet. The leaked data includes names, birth dates, and National Identification (NID) numbers of over 50 million users which is alledgedly easily accessible through a simple Google search.
TechCrunch initially reported the breach, which was discovered on June 27 by Viktor Markopoulos, a researcher from Bitcrack Cyber Security, a computer security solutions firm based in South Africa.
In a conversation with The Daily Star, Viktor Markopoulos confirmed that the website in question is a Bangladeshi government website with a ".gov.bd" domain. He revealed that the leaked records were applications for government services, as they contained information such as transaction IDs and amounts paid by applicants.
Markopoulos also mentioned that he had attempted to contact the Bangladeshi e-Government Computer Incident Response Team (BGD e-GOV CIRT) multiple times after discovering the leak but received no response. BGD e-GOV CIRT is the govt agency responsible for receiving, reviewing, and responding to digital security incidents and activities.
However, when Mohammad Saiful Alam Khan, Project Director of BGD e-GOV CIRT, was contacted, he informed The Daily Star that CIRT was not aware of any such issues and had not flagged any breaches.
The Daily Star independently verified the claims by analysing the information shared by Victor Markopoulos. He also stated that the data is still available online. Due to sensitivity at this stage of reporting, The Daily Star has chosen not to publicly disclose the name of the website.