Over three million National identity number of Nigerians, warehoused in the National Identity Management Commission (NIMC), has allegedly been stolen following a reported hack of the Agency’s server on Monday.
NIMC records indicates that over 60 million Nigerians have so far been captured on the national identity database.
According to Sahara Reporters, the hacker boasted that he got access to “juice” on the Nigerian Government agency’s server and that he could go ahead to do whatever he desired with other sensitive data at his disposal.
Revealing how easy it was for him to breach the NIMC server and access personal information of millions of Nigerians in an article he shared on infosecwriteups.com, the hacker boasted that he got access to “juice” on the Nigerian Government agency’s server and that he could go ahead to do whatever he desired with other sensitive data at his disposal.
Displaying a defaced National Identity card of a Nigerian alongside the article, the hacker said, “I’ve got one more output for s3 bucket, I casually tried to access it without any hope, and damn! The s3 bucket is full of juice.
“I just simply got access to their (Nigeria) data of internal files, users and everything they have. I can download everything, even the whole bucket. I am sure that the bucket is full of juice. I wanted to look at more files but as we have to follow bug bounty rules I stopped doing more. I’ve got one more s3 bucket with nuclei and it also contained about 4–5 gigs of data.
“I’ve rewarded 5250$ for only one report and 0$ for the second one even it contained so much sensitive data,” the hacker wrote in the article that has continued to generate reactions from some Nigerians on Twitter especially tech enthusiasts.
According to the report, a user on the micro-blogging platform with the handle @isidags while reacting to the development said, “I’m shocked Nigerians are shocked. Seems you people don’t know the government and country you’re involved with.”
Another user known as @boluxxxx while commenting said, “Jokes aside, this is enough reason for Buhari to sack Pantami.”
Another Twitter user, @bespokeKENErd, who dec Nigeria’s weak cyber security, said, “It was only a matter of time before this happened. Nigeria’s information security is ridiculously lax. So careless with sensitive data.”
@St_Gothica said, “This is exactly why I never wanted to do the NIN registration. Delayed it as long as I could.”
The hacking of the NIMC server has not only exposed Nigeria’s weak cyber security but also highlighted the danger the country’s residents and investments were currently under.
Recall that the Nigerian Communications Commission in November 2021 issued a warning that an Iranian hacking group was planning to carry out cyber espionage across Africa.
Comment here