NIMC website hacked, millions of NIN belonging to Nigerians stolen

NEWS DIGEST – Not less than three million National Identity Numbers of Nigerians have been reportedly stolen by an internet fraudster who broke into the website belonging to the National Identity Management Commission popularly known as NIMC.

NIMC is the body charged with the registration of National Identity Numbers (NIN) in the country. Nigerians have been forced to register for their NIN as failure to do so will lead to deactivation of sim cards.

However, the hacker disclosed how he gained access to the NIMC website in an article and posted on his Twitter page: @InfoSecComm.

READ ALSO: NIMC debunks report of server breach

The hacker revealed that he can however proceed with the hacked NIN to do whatever he likes with them and any other sensitive data with him.

The hacker displayed a covered NIN belonging to a Nigerian in the article titled:  “A TALE OF 5250$ : HOW I ACCESSED MILLIONS OF USER’S DATA INCLUDING THEIR NATIONAL ID’S”

He said; “I just simply got access to their (Nigeria) data of internal files, users and everything they have. I can download everything, even the whole bucket. I am sure that the bucket is full of juice.

“I wanted to look at more files but as we have to follow bug bounty rules I stopped doing more.

“I’ve got one more s3 bucket with nuclei and it also contained about 4–5 gigs of data.

“I’ve rewarded 5250$ for only one report and 0$ for the second one even it contained so much sensitive data.”

On the 4th of January, 2021, a Twitter user with the handle @xymbiz, had complained of the inability of NIMC to differentiate between those working with the commission and those who are bystanders at NIMC registration centres to illegally get sensitive information of Nigerians.

He tweeted, “Hello @nimc_ng, I’ve noticed there are so many registration points for NIN. How can one verify they are legitimate?”

“This people collect a lot of personal information and they can’t even produce a means of identification indicating they are affiliated or in partnership with you.”

“This is a big problem because I’ve seen cases of NIN not recognised and this may be one of the issues.”

“Some of them get angry when you ask them for a means of identification.”