Millions of user’s data on the National Identification Number (NIN) enrollment scheme may have been exposed due to an unsecured cloud storage provision allegedly used in warehousing the data, Exclusive Africa findings reveal.
According to details gathered on an online platform, InfoSec Writeups, a developer simply identified as Sam in a post titled ‘A TALE OF 5250$: HOW I ACCESSED MILLIONS OF USER’S DATA INCLUDING THEIR NATIONAL ID’S’, shared how he cracked open a treasure trove of data while he was casually hunting for something in the source code of an application.
According to him, seeing that the scope was huge, he decided to attempt cracking it open to see what he could find therein. He stated that shortly after he collected all the applications, decompiled them and ran some checks, he realized the storage was filled with tons of data which in this case turned out to be a database of millions of NIN registration data.
”I just simply got access to their data of internal files, Users, and everything they have, I can download everything, Even the whole bucket.
”Here is just a glimpse of the data: Now I am damn sure that the bucket is full of juice. Ahh, I wanted to look at more files but as we have to follow bug bounty rules I stopped doing more and directly reported to the team,” he writes
It is however not yet clear just how much of a breach this is and if in actual fact there has been a breach on the NIN database server.
Enrollment for the NIN was recently extended by the Federal Government through the Federal Ministry of Communications and Digital Economy.
The National Identification Number (NIN) is a project of the National Identity Management Commission [NIMC] operates and regulates matters of national identity in Nigeria with services covering National Identification Number (NIN) enrolment and issuance, National e-ID card issuance, identity verification as well as data harmonization and authentication.
