The official website of the National Identity Management Commission (NIMC) has gone down as Nigerians struggle to obtain their National Identity Number (NIN). The website has been down since the late hours of Monday. It was also reported how hundreds of people gathered at a registration office in Lagos Monday; as residents struggled to register for the NIN.
This followed a directive by the government; for Nigerians to link their NINs to their telecommunication SIM cards within two weeks. That deadline has now been extended by a minimum of three weeks; this is according to a NCC statement. NIMC had shut down its Lagos centre; citing a large number of people converging there who refused to adhere to the COVID-19 protocols.
But an even bigger concern is that of a breach on the website; which has remained, for the most, under wraps.
Reporting on it, DIGISS LCC on LinkedIn revealed the following, “Last week we reported an alleged breach of NIMC’s database; containing over 37 million sensitive records of Nigerians. The objective was to get NIMC to promptly investigate this news item; and take appropriate remedial actions where required. But we heard that NIMC chose to ignore the report. And so we dug further to determine the veracity of the claim; and we found overwhelming evidence that supports the claim. Every key attribute of the NIN slip is contained in the database dump.
“Recall that several news outlets warned not to use the NIMC app in August 2020. We believe that the attacker compromised the backend database of the buggy NIMC’s mobile app; which had since been pulled. We obtained sample data; from the hacker who wants over $1100 for the full records. We found several security weaknesses; which may have been easily exploited by miscreants to breach NIMC’s records. But that information will remain highly confidential for obvious reasons.”