An alleged breach of the National Identity Management Commission server has exposed over three million National Identity Numbers of Nigerians.
According to Sahara Reporters, a hacker known as Sam broke into the server and stole vital information belonging to millions of Nigerians.
Revealing how easy it was for him to breach the NIMC server and access the personal information of millions of Nigerians in an article he shared on infosecwriteups.com, the hacker boasted that he got access to “juice” on the Nigerian Government agency’s server and that he could go-ahead to do whatever he desired with other sensitive data at his disposal.
Displaying a defaced National Identity card of a Nigerian alongside the article, the hacker said, “I’ve got one more output for s3 bucket, I casually tried to access it without any hope, and damn! The s3 bucket is full of juice.
“I just simply got access to their (Nigeria) data of internal files, users, and everything they have. I can download everything, even the whole bucket.
I am sure that the bucket is full of juice.“I wanted to look at more files but as we have to follow bug bounty rules I stopped doing more.
“I’ve got one more s3 bucket with nuclei and it also contained about 4–5 gigs of data.
“I’ve rewarded 5250$ for only one report and 0$ for the second one even it contained so much sensitive data,” the hacker wrote in the article that has continued to generate reactions from some Nigerians on Twitter especially tech enthusiasts.
A user on the micro-blogging platform with the handle @isidags while reacting to the development said, “I’m shocked Nigerians are shocked.
“Seems you people don’t know the government and country you’re involved with.
“Another user known as @boluxxxx while commenting said, “Jokes aside, this is enough reason for Buhari to sack Pantami.
“Berating Nigeria’s weak cyber security, another Twitter user, @bespokeKENErd, said, “It was only a matter of time before this happened.
“Nigeria’s information security is ridiculously lax. So careless with sensitive data.”@St_Gothica while reacting to the issue said, “This is exactly why I never wanted to do the NIN registration. Delayed it as long as I could.
“Another Twitter user, @The_Jonathanian, said, “Somebody should tell Sheik Pantami that the most sensitive data of Nigerians under his care have been compromised and floating in the wild.”
The hacking of the NIMC server has not only exposed Nigeria’s weak cyber security but also highlighted the danger the country’s residents and investments were currently under.
The latest cyber attack comes less than two months after the Nigerian Communications Commission in November 2021 issued a warning that an Iranian hacking group was planning to carry out cyber espionage across Africa.
A statement from the agency had further disclosed that the hackers were targeting telecoms, Internet Service Providers, and Ministries of Foreign Affairs in Nigeria and other African countries.
Meanwhile, the National Identity Management Commission (NIMC) says its servers have not been breached but operating at the highest international security levels.
This is contained in a statement issued by the Director-General of NIMC, Mr. Aliyu Aziz on Tuesday in Abuja.
”We have gone great lengths to ensure the nation’s database is adequately secured and protected especially given the spate of cyber-attacks on networks across the world,” he said.
He was reacting to a hacker identified as Sam who on Monday claimed he successfully breached the server of NIMC.
“Over the years, through painstaking efforts, NIMC has built a robust and credible system for Nigeria’s identity database.
“The Commission and its infrastructure are certified to the ISO 27001:2013 Information Security Management System Standard which are revalidated annually,” he said.
Aliyu said NIMC also ensured maximum security of its systems and database because of the critical nature of the identity data which the Commission collects, manages and maintains as critical assets for the country.
”The commission assures the public that it will continue to uphold the highest ethical standards in data security on behalf of the Federal Government and ensure compliance with data protection and privacy regulations.
”The commission does not use nor store information on the AWS cloud platform.
”We don’t store information in any public cloud in spite of the usefulness of the NIMC Mobile App that is available to the public for accessing their NIN on the go,” he said.
The public may recall that the Ministry of Communications and Digital Economy through NIMC launched the Tokenization features of the NIN verification service.
He said Tokenisation was to safeguard the personal data of individuals and ensure continuous user rights and privacy.
“In compliance with the mandatory use of NIN for government services, the Commission also appreciates the concerted efforts of several Federal Government agencies such as the Joint Admissions and Matriculation Board and the Federal Road Safety Corps.
Others include the Nigeria Immigration Services; Pension Commission; the Nigeria Police Force; the Nigeria Correctional Service; the Nigeria Customs and a host of others.
He said most of these agencies have streamlined their services in line with the NIN as the valid means of identification, “Aliyu said.
