

NIMC allays fear of hack, database breach, says server ‘optimally secure’



The National Identity Management Commission (NIMC) has allayed citizens’ fears over the safety and security of its database, which hosts millions of data records of Nigerians.

This was contained in a statement issued on Tuesday by the NIMC Director-General, Aliyu Abubakar, in the wake of claims by a hacker identified as Sam who disclosed that he managed to infiltrate the Commission’s servers.

According to Sam, he discovered a bug on the NIMC server which made it easier to access the personal information of millions of people.

In a series of tweets, the hacker said, “As usual, I am hunting for something in the source code of the application. As the scope is huge, I collected all the applications and decompiled them all at once with apktool with this command: find . -iname "*.apk" -exec apktool d -o {}_out {} \;

“Now I started to look for something juicy in decompiled files, but as there are about 50+ applications, I can’t look at each of them manually right? I just got an idea of nuclei, and boom I knew there are templates for android applications, I just downloaded them and, started nuclei on the whole directory,

“After 18–19 mins of a run, Nuclei gave an output saying S3 Bucket Found, I tried to access it via AWS CLI, and it’s like: Access denied, No luck there.


“Then after a few mins of running, I’ve got one more output for S3 bucket, I casually tried to access it without any hope, and damn! The S3 bucket is full of juice.

“And I was just like: I just simply got access to their data of internal files, Users, and everything they have, I can download everything, Even the whole bucket.”

However, in its statement, the NIMC DG debunked Sam’s claims, noting that its servers were not breached.

“The National Identity Management Commission (NIMC) wishes to inform the public that its servers were not breached but are fully optimised at the highest international security levels as the custodian of the most important national database for Nigeria.

“The NIMC Director-General stated that the Commission does not use nor store information on the AWS cloud platform or any public cloud despite the usefulness of the NIMC Mobile App available to the public for accessing their NIN on the go,” the statement reads.
