The database contains a wide range of personal information, including names, professions, blood groups, parents’ names, phone numbers, call durations, vehicle registrations, passport details, and fingerprint photos. However, this isn’t just your typical database leak—these categories of information are all associated with a database held by an intelligence agency.
Over the past few months, the National Telecommunication Monitoring Center (NTMC), an intelligence agency in Bangladesh responsible for collecting people’s cell phone and internet activity, has been making people’s personal information publicly available through an unsecured database linked to its systems. Recently, anonymous hackers attacked this exposed database, erasing details and claiming to have stolen the trove of information.
WIRED has confirmed the authenticity of a sample of real-world names, phone numbers, email addresses, locations, and exam results included in the data. However, the exact nature and purpose of the amassed information is unclear, as some entries appear to be test information, incorrect, or partial records. Despite this, the NTMC and other officials in Bangladesh have not responded to requests for comment.
This inadvertent disclosure provides some insight into the highly secretive world of signals intelligence and how communications can be intercepted. Viktor Markopoulos, a security researcher for CloudDefense.AI who discovered the unsecured database, commented, “I wouldn’t be expecting this to happen for any intelligence service, even if it’s not really something that sensitive…Even if many data are test data, they still reveal the structure that they’re using, or what exactly it is that they are intercepting or plan to intercept.”
After Markopoulos discovered the exposed database, he traced it back to the NTMC and login pages for a Bangladeshi national intelligence platform. Markopoulos believes the database was likely exposed due to a misconfiguration. The database contains over 120 indexes of data, each storing different logs. Some of the indexes include names such as “sat-phone,” “sms,” “birth registration,” “pids_prisoners_list_search,” “driving_licence_temp,” and “Twitter.” These files contain varying numbers of entries, ranging from a few to tens of thousands.
The majority of the data exposed in the NTMC database is metadata—the powerful “who, what, how, and when” of everyone’s communications. While phone call audio is not exposed, the metadata reveals which numbers may have called others and the duration of each call. This type of metadata can be broadly used to identify patterns in people’s behavior and their interactions.