Independent. Uncensored. | Investigative Reports.


No Hacker Accessed Database of 71million Nigerians – NIMC

NIMC clears air on 7.9m NIN of Nigerians missing from database

Posted: January 11, 2022 at 9:32 am   /   by   /   comments (0)

The National Identity Management Commission, NIMC, has denied that any hacker found his way into the servers of the commission.

The issue of data security has been at the forefront since the federal government introduced the national identity database.

The Minister of Communications and Dugital Economy, Isa Pantami sometimes in December 2021, announced that 71 million Nigerians had been captured on the database.

Meanwhile, on Monday, the hacker identified as Sam reportedly claimed that he successfully found a bug on the server of NIMC.

Standard Chartered Bank To Shut Down Half Of Nigeria Branches

Sam revealed how easy it was for him to breach the server and access the personal information of millions of people.

He noted that he came across these data while sourcing for something else to help him decompile some applications he was working on.

“As usual, I am hunting for something in the source code of the application, As the scope is huge, So I collected all the applications and decompiled them all at once with apktool with this command: find . -iname “*.apk” -exec apktool d -o {}_out {} \;” he said.

“Now I started to look for something juicy in decompiled files, but as there are about 50+ applications, I can’t look at each of them manually right? I just got an idea of nuclei, and boom I knew there are templates for android applications, I just downloaded them and, started nuclei on the whole directory,

“After 18–19 mins of a run, Nuclei gave an output saying S3 Bucket Found, I tried to access it via AWS CLI, and it’s like: Acess denied, No luck there.

“Then after a few mins of running, I’ve got one more output for s3 bucket, I casually tried to access it without any hope, and damn! the s3 bucket is full of juice.

“And I was just like: I just simply got access to their data of internal files, Users, and everything they have, I can download everything, Even the whole bucket.”

The hacker also posted the data he obtained in the process, a copy of the national identity slip from NIMC but defaced it to hide vital information.

Meanwhile, in a statement on Tuesday, NIMC said its servers are secure for identity management and optimised.

“The National Identity Management Commission (NIMC) wishes to inform the public that its servers were not breached but are fully optimised at the highest international security levels as the custodian of the most important national database for Nigeria,” the statement reads.

“The NIMC Director-General stated that the Commission does not use nor store information on the AWS cloud platform or any public cloud despite the usefulness of the NIMC Mobile App available to the public for accessing their NIN on the go.”

Newsletter subscribe
giweather WordPress widget