
The breach occurred due to an exposed .env file with plaintext MySQL credentials, enabling full database access without advanced hacking, underscoring how minor security missteps can lead to major vulnerabilities in public systems.
A major cybersecurity breach has compromised the personal data of over 290,000 residents of Bangalore through a vulnerability in the Bangalore Water Supply and Sewerage Board (BWSSB) systems. CloudSEK, a cybersecurity firm, discovered that a cybercriminal was offering root access to BWSSB’s database for just $500 on dark web forums. The exposed data includes sensitive information such as full names, phone numbers, addresses, Aadhaar numbers, email IDs, and other personal application details.
This breach highlights significant concerns about the security of public sector systems, particularly those handling citizens' sensitive data. The breach could have serious consequences for the privacy of the affected individuals, as well as public trust in digital systems.
How the breach happened
The breach was first identified by CloudSEK’s XVigil platform on April 10, 2025, when it flagged a post by a cybercriminal identified as pirates_gold, offering unrestricted access to the BWSSB database. Investigations revealed that the attack was made possible by exposed database credentials and a publicly accessible Adminer interface for managing databases.
The root cause of the breach was traced to an exposed .env file containing plaintext MySQL credentials. This simple misconfiguration allowed the attacker to gain full administrative control over the database without the need for sophisticated hacking tools. This incident serves as a stark reminder of how even basic security oversights can lead to significant vulnerabilities.
Sensitive data at risk
The breach exposed the personal information of 291,212 residents, including full names, phone numbers, addresses, Aadhaar numbers, email IDs, and additional application-specific data. This information can be exploited for phishing attacks, identity theft, and fraud. Additionally, the attacker could have altered or deleted critical records related to BWSSB’s operations, potentially disrupting essential public services like water supply and sewage management.
Sourajeet Majumder, a CloudSEK researcher, emphasized the human cost of the breach, stating, “Behind each exposed record is a person who trusted a public institution with their sensitive data. This breach should serve as a wake-up call for public agencies.”
Who is behind the breach?
The cybercriminal behind the breach, pirates_gold, has been active since September 2024 and has previously targeted organizations in sectors like e-commerce, healthcare, and finance. Known for offering access to compromised systems on dark web forums, pirates_gold has also targeted entities in Uzbekistan, Brazil, and Southeast Asia, indicating that this breach is part of a larger pattern of attacks on public institutions.
Urgent remedial measures
In response to the breach, CloudSEK has recommended several immediate actions for BWSSB:
· Conduct a full security audit to identify vulnerabilities and patch them.
· Rotate all compromised credentials to prevent further exploitation.
· Restrict public access to admin tools like Adminer to reduce the risk of unauthorized access.
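The audit and access-restriction steps above can start with a check of one's own web document root. The following is an added example, not code from CloudSEK or BWSSB: it walks a document root and reports .env files and Adminer scripts stored where the web server could serve them, listing credential key names only and never their values. The key-name patterns and the adminer*.php filename match are assumptions; the article says only "plaintext MySQL credentials".

```python
import os
import re
import tempfile

# Assumed key-name patterns for database secrets (the article only says
# "plaintext MySQL credentials"; these names are common conventions).
SECRET_KEY = re.compile(r"^(DB|MYSQL|DATABASE)_\w*(PASS|PASSWORD|USER|USERNAME|URL)$", re.I)
ENV_NAME = re.compile(r"^\.env(\..+)?$")           # .env, .env.production, .env.bak
ADMINER_NAME = re.compile(r"^adminer.*\.php$", re.I)  # assumed filename convention


def secret_keys(path):
    """Return names (never values) of non-empty credential-like keys."""
    keys = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            key = key.replace("export ", "", 1).strip()
            if SECRET_KEY.match(key) and value.strip().strip("'\""):
                keys.append(key)
    return keys


def audit_webroot(root):
    """Walk a document root and list files that must not be web-reachable."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if ENV_NAME.match(name):
                findings.append(("env-in-webroot", rel, secret_keys(full)))
            elif ADMINER_NAME.match(name):
                findings.append(("adminer-in-webroot", rel, []))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample tree standing in for a real document root.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, ".env"), "w") as fh:
            fh.write("APP_ENV=production\nDB_USERNAME=app\nDB_PASSWORD=placeholder\n")
        open(os.path.join(root, "adminer.php"), "w").close()
        for kind, rel, keys in audit_webroot(root):
            print(kind, rel, "credential keys:", ", ".join(keys) or "-")
```

Any finding means the file should be moved outside the document root or blocked at the web server, and any credentials named in a reachable .env should be rotated.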
A call for stronger cybersecurity
This breach highlights the vulnerability of public sector organizations that hold large amounts of citizen data. As more services become digitized, it is crucial for public institutions to adopt stronger cybersecurity practices, proactive threat monitoring, and secure data handling procedures to protect citizens' privacy. CloudSEK has notified the relevant authorities and is working to mitigate the breach’s impact, underscoring the need for urgent action in securing public sector data.