CloudSEK Uncovers Alarming Data Breach at Bangalore Water Board


CloudSEK has revealed a critical breach in the infrastructure of the Bangalore Water Supply and Sewerage Board (BWSSB). The breach has left sensitive personal data of over 290,000 Bangalore residents vulnerable, after direct root access to BWSSB’s database was found being sold by a cybercriminal for just $500 on underground forums.

The discovery raises serious concerns about the security of public utilities and the potential for widespread misuse of citizens’ personal information.

CloudSEK's Investigation: A Timeline of Neglect

On April 10, 2025, CloudSEK’s proprietary digital risk monitoring platform XVigil flagged a post by a threat actor identified as pirates_gold, offering unrestricted access to BWSSB’s database. What makes this incident particularly disturbing is how easily this access was obtained – through exposed credentials and a publicly accessible admin login portal.

CloudSEK’s STRIKE Team traced the breach back to a publicly accessible .env file, containing plaintext MySQL credentials, alongside an internet-facing Adminer interface, commonly used for managing databases. These misconfigurations gave the attacker full administrative control, without any need for advanced hacking tools.

Despite the simplicity of the breach, the implications are profound: access to the database means the attacker could alter, delete, or steal critical records such as payment data, service applications, and citizen grievances.

The Data at Stake:

  • 291,212 user records, including:

    • Full Name

    • Phone Number

    • Complete Address

    • Aadhaar Number

    • Email ID

    • Other sensitive application details 

Potential Consequences:

  • Targeted phishing attacks on citizens using their verified personal data.

  • Disruption of essential services, as attackers could manipulate BWSSB’s operational databases.

  • Erosion of public trust in digital services offered by civic bodies.

A Human Cost Behind the Data

“This isn’t just about numbers. Behind each exposed record is a person – someone who trusts public agencies to safeguard their information. This breach is a wake-up call for public sector institutions to prioritize cybersecurity before citizens pay the price,” said Sourajeet Majumder, CloudSEK researcher.

The breach illustrates how even basic oversights, like exposed configuration files, can be exploited by threat actors, often with devastating consequences for everyday people.

Who is Behind the Breach?

The perpetrator, pirates_gold, is no novice. Active since September 2024, this individual has targeted organizations across e-commerce, healthcare, and finance sectors globally. With 39+ posts on dark web forums and a growing reputation, pirates_gold exemplifies a new breed of cybercriminal – motivated, opportunistic, and fast-moving.

CloudSEK's Recommendations for Immediate Action:

  1. Full Security Audit: BWSSB must assess all systems for vulnerabilities and potential backdoors.

  2. Credential Rotation: Every exposed or potentially compromised credential must be revoked and replaced immediately.

  3. Lock Down Admin Interfaces: Public access to tools like Adminer should be disabled or heavily restricted.
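
As an added illustration of the audit and lock-down steps above (not code from CloudSEK or BWSSB), the following sketch walks a web server's document root and flags the two misconfigurations described in this report: dotenv files holding plaintext secrets and Adminer scripts placed where the web server can serve them. The filename and key-name patterns, and the sample directory built in `demo()`, are assumptions constructed for the example.

```python
import os
import re
import tempfile

# Assumed patterns (not from the article): dotenv names, secret-like keys, Adminer scripts.
DOTENV_NAME = re.compile(r"^\.env(\..+)?$")
SECRET_KEY = re.compile(
    r"^\s*(?:export\s+)?([A-Z0-9_]*(?:PASSWORD|PASSWD|SECRET|TOKEN|KEY)[A-Z0-9_]*)\s*=\s*\S",
    re.I,
)
ADMINER_NAME = re.compile(r"^adminer([-_.].*)?\.php$", re.I)


def audit_docroot(docroot):
    """Return sorted (relative_path, finding) tuples for risky files under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, docroot)
            if DOTENV_NAME.match(name):
                with open(full, encoding="utf-8", errors="replace") as fh:
                    # Report key names only, never the secret values themselves.
                    keys = [m.group(1) for m in map(SECRET_KEY.match, fh) if m]
                detail = "dotenv file inside web root"
                if keys:
                    detail += "; plaintext secrets: " + ", ".join(keys)
                findings.append((rel, detail))
            elif ADMINER_NAME.match(name):
                findings.append((rel, "Adminer script inside web root"))
    return sorted(findings)


def demo():
    """Audit a constructed document root that mirrors the misconfiguration."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "admin"))
        with open(os.path.join(root, ".env"), "w") as fh:
            fh.write("DB_HOST=127.0.0.1\nDB_USERNAME=app\nDB_PASSWORD=constructed-value\n")
        for rel in ("index.php", os.path.join("admin", "adminer.php")):
            open(os.path.join(root, rel), "w").close()
        return audit_docroot(root)


if __name__ == "__main__":
    for path, detail in demo():
        print(f"{path}: {detail}")
```

Any credential named in a finding should be treated as exposed and rotated, and the file moved outside the document root.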
