NIMC debunks hacker’s claim

In the early hours of Monday, January 17 2022, a hacker named “Sam” claimed to have hacked the National Identity Management Commission’s (NIMC) website, having access to private government information and likewise over three million National Identity Numbers.

Sam revealed this via infosecwriteups.com and boasted that he could do as he pleased with the data at his disposal. He embedded a National Identity card of a Nigerian and wrote “I’ve got one more output for s3 bucket, I casually tried to access it without any hope, and damn! The s3 bucket is full of juice.

“I just simply got access to their (Nigeria) data of internal files, users and everything they have. I can download everything, even the whole bucket. I am sure that the bucket is full of juice.

“I wanted to look at more files but as we have to follow bug bounty rules I stopped doing more. “

I’ve got one more s3 bucket with nuclei and it also contained about 4–5 gigs of data.“

I’ve rewarded 5250$ for only one report and 0$ for the second one even it contained so much sensitive data.” 

NIMC Reacts…

The news of the hacker generated tons of reactions especially on Twitter. However, the NIMC debunked his claims, affirming that the agency operates at the highest international security levels. 

In a recent statement signed by the Director-General of NIMC, Mr Aliyu Aziz, ”we have gone great lengths to ensure the nation’s database is adequately secured and protected especially given the spate of cyber-attacks on networks across the world,” he said. 

“Over the years, through painstaking efforts, NIMC has built a robust and credible system for Nigeria’s identity database.

“The Commission and its infrastructure are certified to the ISO 27001:2013 Information Security Management System Standard which are revalidated annually,” he added.

According to Aliyu, the NIMC also ensures maximum security of its systems and database because of the critical nature of the identity data which the Commission collects, manages and maintains as critical assets for the country.

”The commission assures the public that it will continue to uphold the highest ethical standards in data security on behalf of the Federal Government and ensure compliance with data protection and privacy regulations.

”The commission does not use nor store information on the AWS cloud platform.

”We don’t store information in any public cloud in spite of the usefulness of the NIMC Mobile App that is available to the public for accessing their NIN on the go,” Aziz assured.

Exit mobile version