“It Was Easy”, Hacker Breaks Into NIMC Server, Harvests Over 3 Million Nigerian’s Data

A hacker was said to have hacked into the National Identity Management Commission’s (NIMC) server and stolen three million Nigerian National Identity Numbers.

According to SaharaReporters, the hacker revealed in an article shared on a website how simple it was for him to breach the NIMC server and access personal information of millions of Nigerians.

According to the report, the hacker boasted that he had gained access to “juice” on the Nigerian Government agency’s server and that he could do whatever he wanted with other sensitive data at his disposal.

The hacker was said to have written the article, showcasing a defaced National Identity card of a Nigerian.

He wrote in the article, “I’ve got one more output for s3 bucket, I casually tried to access it without any hope, and damn! The s3 bucket is full of juice. I just simply got access to their (Nigeria) data of internal files, users, and everything they have. I can download everything, even the whole bucket. I am sure that the bucket is full of juice.

“I wanted to look at more files but as we have to follow bug bounty rules I stopped doing more. I’ve got one more s3 bucket with nuclei and it also contained about 4–5 gigs of data.

“I’ve rewarded 5250$ for only one report and 0$ for the second one even it contained so much sensitive data.”

The recent data breach comes just over two months after the Nigerian Communications Commission warned that an Iranian hacking group was planning cyber espionage across Africa in November 2021.

The hackers were also targeting telecoms, ISPs, and foreign ministries in Nigeria and other African countries, according to a statement from the agency.

This development has elicited no response from NIMC. Also, the national identity database has so far registered over 60 million Nigerians.