Published On: July 31st, 20232.8 min read

Recently, the personal data of millions of residents, including complete names, phone numbers, email addresses, and national ID numbers, was leaked from a Bangladesh government website. Viktor Marcopoulous, a cybersecurity expert, found the breach through a routine Google search. On June 27, the researcher identified the leak and immediately alerted the Bangladeshi e-Government Computer Incident Response Team (CERT). (Reference: Tech Crunch)

How Did the Data Leak Happen

Analysts discovered some basic technical principles were ignored in the main structure of this site after much speculation. Because the creators did not incorporate permission procedures, anyone with no credentials could read the data. Data Leak | Nascenia Tech Blog

Victor Markopoulos explained that he became intrigued about why a country’s government website was so vulnerable and discovered various irregularities in the URL. He said, “The URL had the word ‘register’ instead of a number but there should have been a number. Then I changed the word to a number and saw that it was actually a record of a person from Bangladesh. More information began to emerge as I added numbers to that number.”

In the conventional procedure, barriers should have been put in place so that only the data owner could see his or her data. Another issue arose upon sending OTP. The OTP was constantly sent late and could thus be evaded.

Overall, it is an example of bad security practice implementation. Following conventional procedures would have been sufficient to prevent this disastrous breach.

Aftermath

The Bangladesh government has moved quickly to identify the source of a data breach that compromised the personal information of over 50 million residents. Analysts say the leak is an indictment of the government’s IT infrastructure in particular, emphasizing the necessity for a public-sector security overhaul.

Consequence

Exposure of email addresses, phone numbers, and national ID card numbers is bad enough, but this information might also be utilized in the web application to access, amend, and/or delete applications, as well as examine the Birth Registration Record Verification. Data misuse can result in identity theft, financial fraud, and cybercrime.

Analysts believe that this data will be used in a variety of ways, particularly in the economic sector. Perpetrators can use this information to impersonate someone or commit fraud. Given the importance of our economic infrastructure, particularly digital banking, and MFS, these data are used to validate an identity. Small-scale fraudulent activities are projected to increase in the coming years.

How Nascenia navigates through this type of pitfalls in software making

Cyber Security | Data Leak | Nascenia

Nascenia follows Zero Trust Architecture in software making to prevent this type of data leak. ZTA is a cybersecurity approach that authenticates and authorizes every interaction between a network and a user or device. 

It is based on zero-trust principles that move defenses from static, network-based perimeters to focus on users, assets, and resources. ZTA aims to reduce a network’s attack surface, prevent lateral movement of threats, and lower the risk of a data breach.

Alongside this, Nascenia also adheres to the standard use of encryption. So, even if the worst should happen, that data would be useless in the wrong hands. Secure your software with Nascenia and implement Zero Trust to safeguard against data breaches.

Contributors: Md. Shafayet Jamil and Syed Rizwan, Software Engineer, Nascenia

Share it, Choose Your Platform!

More to Explore

The Quest for Knowledge Continues. Fuel Your Curiosity.