
Over 290,000 citizens at risk: CloudSEK uncovers major data breach at BWSSB – ET CISO


CloudSEK, a leading AI-driven cybersecurity firm, has revealed a critical breach in the infrastructure of the Bangalore Water Supply and Sewerage Board (BWSSB). The breach has left sensitive personal data of over 290,000 Bangalore residents vulnerable, after direct root access to BWSSB’s database was found being sold by a cybercriminal for just $500 on underground forums.

The discovery raises serious concerns about the security of public utilities and the potential for widespread misuse of citizens’ personal information.

CloudSEK’s Investigation: A Timeline of Neglect

On April 10, 2025, CloudSEK’s proprietary digital risk monitoring platform XVigil flagged a post by a threat actor identified as pirates_gold, offering unrestricted access to BWSSB’s database. What makes this incident particularly disturbing is how easily this access was obtained – through exposed credentials and a publicly accessible admin login portal.

CloudSEK’s STRIKE Team traced the breach back to a publicly accessible .env file, containing plaintext MySQL credentials, alongside an internet-facing Adminer interface, commonly used for managing databases. These misconfigurations gave the attacker full administrative control, without any need for advanced hacking tools.

Despite the simplicity of the breach, the implications are profound: access to the database means the attacker could alter, delete, or steal critical records such as payment data, service applications, and citizen grievances.

The Data at Stake:

  • 291,212 user records, including:
    • Full Name
    • Phone Number
    • Complete Address
    • Aadhaar Number
    • Email ID
    • Other sensitive application details

Potential Consequences:

  • Targeted phishing attacks on citizens using their verified personal data.
  • Disruption of essential services, as attackers could manipulate BWSSB’s operational databases.
  • Erosion of public trust in digital services offered by civic bodies.

A Human Cost Behind the Data

“This isn’t just about numbers. Behind each exposed record is a person – someone who trusts public agencies to safeguard their information. This breach is a wake-up call for public sector institutions to prioritize cybersecurity before citizens pay the price,” said Sourajeet Majumder, CloudSEK researcher.

The breach illustrates how even basic oversights, like exposed configuration files, can be exploited by threat actors, often with devastating consequences for everyday people.

Who is Behind the Breach?

The perpetrator, pirates_gold, is no novice. Active since September 2024, this individual has targeted organizations across e-commerce, healthcare, and finance sectors globally. With 39+ posts on dark web forums and a growing reputation, pirates_gold exemplifies a new breed of cybercriminal – motivated, opportunistic, and fast-moving.

CloudSEK’s intelligence indicates that pirates_gold has previously targeted companies in Uzbekistan, Brazil, and Southeast Asia, making this breach part of a broader pattern. (For More Information, Read The Full Report)

CloudSEK’s Recommendations for Immediate Action:

  1. Full Security Audit: BWSSB must assess all systems for vulnerabilities and potential backdoors.
  2. Credential Rotation: Every exposed or potentially compromised credential must be revoked and replaced immediately.
  3. Lock Down Admin Interfaces: Public access to tools like Adminer should be disabled or heavily restricted.
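
As a starting point for the audit and lock-down steps above, the following added example (not CloudSEK's or BWSSB's tooling) walks a web document root on a server you administer and reports the two misconfigurations named in the investigation: dotenv files holding plaintext secrets and Adminer scripts. The secret-name pattern, the Adminer filename pattern and the sample tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumed heuristics, not from the report: variable names that usually hold
# secrets, and Adminer's single-file naming (adminer.php, adminer-<version>.php).
SECRET_NAME = re.compile(r"PASS|SECRET|TOKEN|KEY", re.I)
ADMINER_FILE = re.compile(r"^adminer([-_.][\w.-]*)?\.php$", re.I)

def secret_keys(path):
    """Return names (never values) of non-empty secret-like dotenv variables."""
    keys = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            if SECRET_NAME.search(key) and value.strip().strip("'\""):
                keys.append(key.strip())
    return keys

def audit_docroot(docroot):
    """Walk a web document root; return sorted (relative path, finding) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, docroot)
            if name == ".env" or name.startswith(".env."):
                keys = secret_keys(path)
                note = "secret-like keys: " + (", ".join(keys) or "none")
                findings.append((rel, "dotenv file under web root; " + note))
            elif ADMINER_FILE.match(name):
                findings.append((rel, "Adminer script under web root"))
    return sorted(findings)

def demo():  # builds a constructed sample tree with fake values, then audits it
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "tools"))
        samples = {".env": "# constructed\nDB_USERNAME=app\nDB_PASSWORD='not-a-real-secret'\nAPP_KEY=\n",
                   "index.php": "<?php echo 'ok';",
                   os.path.join("tools", "adminer-1.2.3.php"): "<?php // placeholder"}
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_docroot(root)

if __name__ == "__main__":
    print(demo())
```

Any dotenv file it reports belongs outside the served directory, and every credential it names should be treated as exposed and rotated.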

Why This Matters – A Call to Action for Public Sector Cybersecurity

This breach underscores a larger issue – the cybersecurity readiness of public institutions that hold vast amounts of citizen data. The incident at BWSSB is not an isolated one, but a symptom of a growing vulnerability in public service infrastructure.

CloudSEK urges government bodies to adopt proactive threat monitoring, secure coding practices, and strict data handling policies to prevent such breaches. As part of responsible disclosure, CloudSEK has notified all affected and relevant entities about the breach.

  • Published On May 3, 2025 at 09:21 AM IST
