The issue of data security has been at the forefront since the federal government introduced the national identity database.

In December 2021, Isa Pantami, minister of communications and digital economy, had announced that 71 million Nigerians had been captured on the database.

As more Nigerians registered, is the NIN database free from hackers?

On Monday, a hacker identified as Sam claimed he successfully found a bug on the server of Nigeria’s National Identity Management Commission (NIMC) — revealing how easy it was for him to breach the server and access the personal information of millions of people.

According to Sam, he came across these data while sourcing for something else to help him decompile some applications he was working on.

“As usual, I am hunting for something in the source code of the application, As the scope is huge, So I collected all the applications and decompiled them all at once with apktool with this command: find . -iname “*.apk” -exec apktool d -o {}_out {} \;” he said.

“Now I started to look for something juicy in decompiled files, but as there are about 50+ applications, I can’t look at each of them manually right? I just got an idea of nuclei, and boom I knew there are templates for android applications, I just downloaded them and, started nuclei on the whole directory,

"After 18–19 mins of a run, Nuclei gave an output saying S3 Bucket Found, I tried to access it via AWS CLI, and it’s like: Acess denied, No luck there.

“Then after a few mins of running, I’ve got one more output for s3 bucket, I casually tried to access it without any hope, and damn! the s3 bucket is full of juice.

“And I was just like: I just simply got access to their data of internal files, Users, and everything they have, I can download everything, Even the whole bucket.”

The hacker also posted the data he obtained in the process — a copy of the national identity slip from NIMC but defaced it to hide vital information.

A security expert explained that Amazon secures S3 buckets by default but for a bucket to be publicly accessible to any hacker, as was the case with Sam, someone must have leaked it.

Hours later, the hacker recanted that the leaked sever was not from any Nigerian portal but Tecno Mobile.

He said he reported the case to Tecno, and the bug fixed.

He also edited the article published on Medium and removed a copy of the national ID posted as a screenshot in the story — but failed to explain why he mentioned Nigeria’s ID database in the previous version.

Speaking with TheCable on the development, Boye Adegoke, senior program manager at Paradigm Initiative, said there is the possibility of negligence on the part of NIMC.

“If the story is true, it is negligence on the part of NIMC, but what is more worrisome is the fact that after this, what happens next? Are we going to talk and act as if nothing happened? Will someone get punished?” Adegoke asked.

The data privacy activist noted that the approach and attitude of NIMC toward the management of national data is poor.

“I wouldn’t really be surprised if this is true because I have always believed that the cyber security approach and our attitude show we don’t understand the process and how it works,” he added.

In a statement on Tuesday, NIMC said its servers are secure for identity management and optimised.

“The National Identity Management Commission (NIMC) wishes to inform the public that its servers were not breached but are fully optimised at the highest international security levels as the custodian of the most important national database for Nigeria,” the statement reads.

“The NIMC Director-General stated that the Commission does not use nor store information on the AWS cloud platform or any public cloud despite the usefulness of the NIMC Mobile App available to the public for accessing their NIN on the go.”

https://www.thecable.ng/hacker-boasts-of-gaining-access-into-nimc-servers-then-recants-hours-later

Previous thread https://www.nairaland.com/6933011/hacker-breaks-into-nimc-server

We all know the FG doesn't own up to any claim. Even if the news was true, they'll still deny it .

Lies from the pit of hell
Their servers were hacked

Cover up

Ok

LIES

Hmmm

I suspected that it was fake news as usual. Government should step up action against fake news as the 2023 election approaches.

This govt n lies be like Tinubu n 2023 ambition.

Then give us our cards?

They've just confirmed that it has been hacked.

Nigerians and believing everything negative about her country. It is well.

If I hear

Your thumb + my thumb = change

Thank God they now know attempts are being made at hacking the servers. Abeg Pantami should keep our data safe.

Lies as usual from Lai Mohammed

Same lies they will hand over to Tinubu

A country gone to the dogs

Damnnn niggar

I know sahara reporters are full of shit

Let the Wannabe redpiller keep deceiving himself..na so e easy to hack nimc wey hold millions of people information..
He hacked nothing..he's only good at making mouth online just like his cohorts here..

OK

..
..
Everything in Nigeria is just “NONSENSE And DENIALS”..
They would rush and do Nonsense first, and when the repercussions come, they start to Deny.
..
..

This files contains very sensitive info about Nigerians and should be protected at all cost.

Sahara reporters and fake news are like dis:

Oh sorry they were.

A politician just harvested enough data for campaign

Hnn

A politician has just harvested enough personal data for his campaign

Instead of them to figure out what's going on with the claim, they are denying. Even US government servers are breached.

Who the hell is Nimc to claim they can't be hacked.

Mtcheww they have contacted the hacker and paid him to say this shit .. Nigerian database are available in black market.

Lol. Optimised...

If you know, you know.