CloudSEK, a prominent AI-driven cybersecurity firm, has disclosed a significant security breach within the infrastructure of the Bangalore Water Supply and Sewerage Board (BWSSB). This breach has compromised the sensitive personal information of more than 290,000 residents of Bangalore, stemming from a discovery that root access to BWSSB’s database was being peddled for a mere $500 on illicit online forums.
The ramifications of this incident raise critical concerns regarding the protection of public utility data and the potential for extensive misuse of citizens’ information. CloudSEK’s investigation timeline reveals negligence in security protocols, notably highlighted by an April 10, 2025, alert from their platform, XVigil. This alert pointed out a post from a threat actor, known as pirates_gold, who claimed to possess unrestricted access to BWSSB’s database. Disturbingly, this access was easily obtained through exposed administrative credentials and a publicly available login portal.
CloudSEK’s STRIKE Team traced the compromise back to a publicly reachable .env file containing plaintext MySQL credentials, combined with an internet-facing Adminer interface (a single-file PHP database management tool). A .env file is the configuration file that web application frameworks read at startup; it holds database hosts, usernames and passwords in clear text and is never meant to sit where a web server will serve it. Once the file was fetchable and Adminer was reachable from the internet, the attacker needed no exploit at all: the leaked credentials pasted into the Adminer login form gave full administrative control of the database. The implications of such unfettered access are substantial; the attacker could read, modify, or delete critical data, including payment records, service applications, and citizen grievances, or exfiltrate all of it.
The data exposed during this breach encompasses 291,212 user records, which include full names, contact numbers, residential addresses, Aadhaar numbers, email addresses, and other sensitive application details. The potential fallout could manifest in several forms, such as targeted phishing attacks exploiting verified personal information, disruption of essential services due to malicious alterations in operational databases, and a significant erosion of public trust in the digital services provided by civic agencies.
Sourajeet Majumder, a researcher at CloudSEK, emphasized the human aspect of this breach, noting that behind each compromised record lies an individual who relies on public institutions to safeguard their data. This incident serves as a critical reminder for public sector organizations to prioritize cybersecurity measures to prevent such breaches from harming their citizens.
The adversary, identified as pirates_gold, demonstrates a pattern of activity that includes targeting various sectors such as e-commerce, healthcare, and finance since September 2024. With over 39 posts on dark web forums, this entity represents a new category of cybercriminal: opportunistic, motivated, and quick to exploit vulnerabilities. CloudSEK’s intelligence suggests that the threat actor has a history of targeting organizations across different regions, including Uzbekistan, Brazil, and Southeast Asia, indicating a broader trend of increasing cyber threats.
In light of this breach, CloudSEK has outlined several immediate recommendations for BWSSB: a comprehensive security audit of all systems to identify further vulnerabilities, prompt revocation and replacement of every exposed credential, and an urgent restriction of public access to administrative interfaces such as Adminer. Rotating the credentials matters even after the .env file is taken down, because they had already been offered for sale; restricting Adminer matters because any other leaked credential would otherwise still have a ready-made login page. This incident underscores the importance of a robust cybersecurity framework, particularly within public sector institutions that manage vast amounts of sensitive citizen data.
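The two misconfigurations described above (a web-served .env file and a reachable Adminer login page) are easy to check for on one's own hosts. The following is an added example, not code from CloudSEK or BWSSB: it classifies HTTP responses, parses a dotenv body, and reports which keys need rotation without copying the secret values into the report. The key-name patterns (DB_*, *_PASSWORD, APP_KEY) follow common Laravel-style conventions and are assumptions; the sample response bodies are constructed for the example. The Adminer check relies on the auth[driver], auth[server], auth[username] and auth[password] fields that Adminer's login form posts.

```python
"""Classify HTTP responses for the two misconfigurations described above: a
web-served .env file leaking database credentials, and an internet-facing
Adminer login page. Sample responses below are constructed for the example."""
import re
from dataclasses import dataclass, field

# KEY=VALUE line of a dotenv file; an optional leading "export" is tolerated.
ENV_LINE_RE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")
# Key names that carry secrets. These follow common Laravel-style .env naming
# and are an assumption for the example, not BWSSB's actual file layout.
SECRET_KEY_RE = re.compile(r"(PASS(WORD)?|SECRET|TOKEN|_KEY)$", re.I)
DB_KEY_RE = re.compile(r"^(DB_|MYSQL_|DATABASE_)", re.I)
# Adminer's login form posts auth[driver], auth[server], auth[username] and
# auth[password]; matching on those field names is more robust than the title.
ADMINER_FIELD_RE = re.compile(r"name=['\"]auth\[(driver|server|username|password)\]['\"]")


def parse_env(body: str) -> dict:
    """Parse dotenv text into a dict, dropping comments and surrounding quotes."""
    env = {}
    for line in body.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = ENV_LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env


def redact(value: str) -> str:
    """Never copy a recovered secret into a report; keep only its length."""
    return f"<redacted, {len(value)} chars>"


@dataclass
class Finding:
    exposed_env: bool = False
    db_credentials: dict = field(default_factory=dict)  # DB_* keys, secrets redacted
    secrets_to_rotate: list = field(default_factory=list)
    adminer_login: bool = False


def classify_response(status: int, content_type: str, body: str) -> Finding:
    """Decide whether one HTTP response is a leaked .env or an Adminer login page."""
    finding = Finding()
    if status != 200:
        return finding
    is_html = "text/html" in content_type.lower() or "<html" in body.lower()
    if is_html:
        # Require at least three distinct auth[...] fields so a page that merely
        # mentions Adminer in text is not reported as a live login form.
        fields = set(ADMINER_FIELD_RE.findall(body))
        finding.adminer_login = len(fields) >= 3
        return finding
    env = parse_env(body)
    secret_keys = sorted(k for k, v in env.items() if SECRET_KEY_RE.search(k) and v)
    # A real .env has several assignments and at least one secret-bearing key;
    # this filters out soft-404s and unrelated text that happen to return 200.
    if len(env) >= 3 and secret_keys:
        finding.exposed_env = True
        finding.secrets_to_rotate = secret_keys
        finding.db_credentials = {
            k: (redact(v) if SECRET_KEY_RE.search(k) else v)
            for k, v in env.items() if DB_KEY_RE.match(k)
        }
    return finding


# Constructed sample responses (not real BWSSB data).
SAMPLE_ENV_BODY = """APP_NAME=Billing
APP_ENV=production
APP_KEY=base64:examplekeyexamplekeyexamplekey=
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=billing
DB_USERNAME=root
DB_PASSWORD="s3cret-pass"
"""
SAMPLE_ADMINER_BODY = (
    "<!DOCTYPE html><html><head><title>Login - Adminer</title></head><body>"
    "<form action='' method='post'>"
    "<input type='hidden' name='auth[driver]' value='server'>"
    "<input name='auth[server]' value=''><input name='auth[username]'>"
    "<input type='password' name='auth[password]'></form></body></html>"
)
SAMPLE_404_BODY = "<html><body><h1>Not Found</h1></body></html>"

if __name__ == "__main__":
    for label, args in (
        ("/.env", (200, "text/plain", SAMPLE_ENV_BODY)),
        ("/adminer.php", (200, "text/html", SAMPLE_ADMINER_BODY)),
        ("/.env on a hardened host", (404, "text/html", SAMPLE_404_BODY)),
    ):
        print(label, classify_response(*args))
```

In a real sweep the three tuples would come from fetching `/.env` and the known Adminer paths on each of your own hosts; the classifier deliberately reports only key names and a redacted length, so the output can go straight into a ticket. A positive `exposed_env` finding means every key in `secrets_to_rotate` must be rotated, not merely that the file must be removed, and a positive `adminer_login` finding means the interface should be taken off the public internet (bound to loopback or reachable only over a VPN) rather than simply password-protected.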
This breach illustrates a significant vulnerability within the infrastructure of public services, calling attention to the urgent need for enhanced cybersecurity readiness in organizations responsible for safeguarding citizen information. CloudSEK believes that proactive threat monitoring, secure coding practices, and stringent data handling protocols are essential to mitigate future risks. As part of their responsible disclosure protocol, CloudSEK has notified all relevant entities affected by this breach.