BD govt website leaks citizens’ personal data

BD govt website leaks citizens’ personal data A recent incident involving a Bangladeshi government website has resulted in the exposure of sensitive personal information belonging to citizens.


BD govt website leaks citizens’ personal data

The leaked data includes full names, phone numbers, email addresses, and national ID numbers. This significant security breach was discovered by Viktor Markopoulos, a researcher from Bitcrack Cyber Security, who stumbled upon the leak on June 27.


Realizing the magnitude of the situation, Markopoulos promptly contacted the Bangladeshi e-Government Computer Incident Response Team (CERT) to report the issue. He estimates that the leaked database contains information of millions of Bangladeshi citizens.


Validate the authenticity of the leaked data

In order to validate the authenticity of the leaked data, TechCrunch conducted an independent investigation. By utilizing a portion of the exposed data to query a public search tool on the affected government website, they were able to confirm its legitimacy.


Notably, the search tool returned additional information from the leaked database, such as the names of individuals who had applied for registration, and in some cases, even the names of their parents.


To ensure accuracy, TechCrunch repeated this process with 10 different sets of data, all of which yielded correct results.


BD govt website leaks

TechCrunch has refrained from disclosing the name of the government website involved in this incident. As the leaked data is still accessible online.


Despite reaching out to various Bangladeshi government organizations via email to seek comment and raise awareness about the data exposure. TechCrunch has not received any responses as of yet.

BD govt website leaks

In Bangladesh, every citizen aged 18 and older is issued a National Identity Card. Which assigns a unique ID to each individual. This card is a mandatory document and enables citizens to access a wide range of services.


Including obtaining a driver’s license, passport, engaging in property transactions, opening bank accounts, and more.


Comment from Bangladesh

Requests for comment from Bangladesh’s CERT, the government’s press office, its embassy in Washington D.C., and its consulate in New York City have gone unanswered.


According to Markopoulos, the ease with which he discovered the leaked data was surprising. “It just appeared as a Google result, and I wasn’t even intending on finding it.


I was Googling an SQL error, and it just popped up as the second result,” he explained to TechCrunch. SQL, a language used for managing data in databases, played a crucial role in this security oversight.


BD govt website leaks citizens’ personal data

The severity of this data exposure goes beyond the leaking of email addresses, phone numbers, and national ID card numbers.


Markopoulos highlights that possessing this kind of information could potentially allow unauthorized individuals to manipulate web applications. Gain unauthorized access, modify or delete applications, and even view the Birth Registration Record Verification system.


This incident serves as a stark reminder of the critical importance of robust cybersecurity measures and diligent data protection practices. Especially for government entities entrusted with sensitive personal information.



Leave a Comment