Suspected hackers allegedly broke into the National Identity Management Commission's (NIMC) system and stole three million Nigerians' National Identity Numbers.
In an article published on a website, the hacker revealed how simple it was for him to infiltrate the NIMC system and gain access to the personal information of millions of Nigerians. According to the report, the hacker boasted that he gained access to "juice" on the server of a Nigerian government agency and that he could do anything he wanted with other sensitive material at his disposal.
The hacker was reported to have written alongside the article on a defaced National Identity Card of a Nigerian:
"I've got one more s3 bucket output, and I casually tried to access it with no luck, and dammit! The s3 bucket is brimming with juice. I simply gained access to all of their (Nigeria) internal files, users, and other information. I have access to anything, including the entire bucket. I'm certain the bucket is overflowing with juice.
I wanted to look at more files, but we had to stick to the bug bounty restrictions, so I didn't. I have one additional s3 bucket with nuclei, which held roughly 4–5 gigabytes of data.
I only gave 5250 dollars for one report and 0 dollars for the second, despite the fact that it contained so much important information."
The latest cyber attack comes a little over two months after the Nigerian Communications Commission warned that an Iranian hacking organization was planning cyber espionage across Africa in November 2021.
The hackers were also targeting telcos, Internet Service Providers, and Ministries of Foreign Affairs in Nigeria and other African countries, according to a statement from the agency.
The national identity database has so far recorded almost 60 million Nigerians.
This development has elicited no response from NIMC, Minister of Communications and Digital Economy, Dr Isa Pantami or any government official as at Press time.©Standard Gazette, 2021. Unauthorized use and/or duplication of this material without express and written permission from this site’s publisher is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Standard Gazette with appropriate and specific direction to the original content.