InfoSecBulletin Cybersecurity for mankind
Millions of Bangladeshi citizens’ personal information, including full names, phone numbers, email addresses, and national ID numbers, was accidentally leaked through a government website. The breach was initially discovered by Viktor Markopoulos, a researcher employed at Bitcrack Cyber Security, who promptly notified the Bangladeshi e-Government Computer Incident Response Team (CERT) upon making the finding according to the report.
TechCrunch independently confirmed the legitimacy of the leaked data by utilizing a portion of it to query a public search tool on the affected government website. The website provided additional details from the compromised database, such as the applicant’s name and, in certain instances, the names of their parents. To ensure accuracy, TechCrunch repeated this process with ten different data sets, each time receiving correct information.
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition
xAI Dev Leaks API Key for Private SpaceX, Tesla & Tweeter
Out of concern for ongoing data availability, TechCrunch has chosen not to disclose the name of the government website. Despite reaching out to various Bangladeshi government organizations via email to alert them of the data exposure and request comments, no responses have been received at the time of reporting.
In Bangladesh, every citizen aged 18 and above is issued a mandatory National Identity Card that assigns a unique identification number. This card grants individuals access to numerous services, including obtaining a driver’s license, passport, engaging in land transactions, opening bank accounts, and more.
Requests for comments from Bangladesh’s CERT, the government’s press office, its embassy in Washington, D.C., and its consulate in New York City have gone unanswered.
Markopoulos expressed surprise at how effortlessly he stumbled upon the leaked data, stating, “It just appeared as a Google result, and I wasn’t even intending on finding it. I was searching for an SQL error, and it unexpectedly emerged as the second result.” SQL is a language designed for managing database information.
The exposure of email addresses, phone numbers, and national ID card numbers is deeply concerning. Markopoulos also highlighted the potential risks associated with this type of information, which could be exploited to gain unauthorized access, manipulate applications, delete records, or even view the Birth Registration Record Verification within the web application.
Source: Techcrunch
