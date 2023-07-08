A Bangladesh government website has leaked the personal data of ‘millions’ of citizens, according to US website TechCrunch.
The leak was discovered by a cybersecurity researcher through a regular Google search, the report says.
Viktor Markopoulos, a researcher for Bitcrack Cyber Security, told TechCrunch he accidentally discovered the leak on Jun 27 and informed the Bangladesh government of the situation through the e-Government Computer Incident Response Team (CERT).
“We are looking into it,” said CERT Project Director Saiful Alam Khan when asked about the incident on Saturday. “We may make a statement to the media later this afternoon.”
The full names, telephone numbers, email addresses, and national ID numbers of Bangladeshi citizens were included in the leak, the TechCrunch report from Thursday said.
Markopoulos told the outlet that finding the data ‘was too easy’.
“It just appeared as a Google result and I wasn’t even intending on finding it. I was Googling an SQL error and it just popped up as the second result,” he told TechCrunch, referring to SQL, a language designed for managing data in a database.”
He warned that the data could “be used in the web application to access, modify, and/or delete the applications as well as view the Birth Registration Record Verification".
TechCrunch says they used 10 different sets of data on the public search tool of the government website and were able to verify the data. The website returned other data contained in the leaked database such as the name of the person who applied to register and, in some cases, the name of their parents.
The publication declined to name the government website as the data is still available online.
The National Identity Card information database is well protected, said Ashok Kumar Debnath, additional secretary at the Election Commission.
“Our database carrying the information of nearly 120 million citizens is very secure,” he said.
“Adequate precautions have been taken to prevent hacking.”
The database contains at least 40 types of data on voters, including their photographs and fingerprints.
In order to receive various government services, the information is verified with over 50 other organisations.