Bangalore Water Supply and Sewerage Board Database Sold Online at $500

The breach has left sensitive personal data of over 290,000 Bangalore residents vulnerable


CloudSEK has revealed a critical breach in the infrastructure of the Bangalore Water Supply and Sewerage Board (BWSSB). The breach has left sensitive personal data of over 290,000 Bangalore residents vulnerable, after direct root access to BWSSB’s database was found being sold by a cybercriminal for just $500 on underground forums.

On April 10, 2025, CloudSEK’s proprietary digital risk monitoring platform XVigil flagged a post by a threat actor identified as pirates_gold, offering unrestricted access to BWSSB’s database.

What makes this incident particularly disturbing is how easily this access was obtained – through exposed credentials and a publicly accessible admin login portal.

This breach underscores a larger issue – the cybersecurity readiness of public institutions that hold vast amounts of citizen data. The incident at BWSSB is not an isolated one, but a symptom of a growing vulnerability in public service infrastructure.

CloudSEK’s STRIKE Team traced the breach back to a publicly accessible .env file, containing plaintext MySQL credentials, alongside an internet-facing Adminer interface, commonly used for managing databases. These misconfigurations gave the attacker full administrative control, without any need for advanced hacking tools.
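A defender-side check for the two misconfigurations described above, as an added example that is not part of CloudSEK's report: a Python script that walks a deployment's document root on the server itself and flags dotenv files holding database credentials and Adminer scripts. The key-name and file-name patterns, the function names, and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumed naming patterns; extend them to match your own deployments.
CRED_KEY = re.compile(r"^(DB|MYSQL|DATABASE)_\w*(USER|USERNAME|PASS|PASSWORD|URL)$", re.I)
ADMINER_NAME = re.compile(r"^adminer([-_.][\w.-]*)?\.php$", re.I)

def dotenv_credential_keys(path):
    """Return the names (never the values) of credential keys that are set."""
    keys = []
    for line in path.read_text(errors="replace").splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = re.sub(r"^export\s+", "", key).strip()
        if CRED_KEY.match(key) and value.strip().strip("'\""):
            keys.append(key)
    return keys

def audit_webroot(webroot):
    """Report dotenv files holding DB credentials and Adminer scripts under webroot."""
    root, findings = Path(webroot), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            rel = path.relative_to(root).as_posix()
            if name == ".env" or name.startswith(".env."):
                keys = dotenv_credential_keys(path)
                if keys:
                    findings.append(("dotenv-credentials", rel, keys))
            elif ADMINER_NAME.match(name):
                findings.append(("adminer-script", rel, []))
    return sorted(findings, key=lambda f: f[1])

def demo():
    """Audit a constructed sample tree; every file and value here is made up."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "public").mkdir()
        (root / ".env").write_text("APP_ENV=production\nDB_HOST=127.0.0.1\n"
                                   "DB_USERNAME=root\nDB_PASSWORD='constructed-example'\n")
        (root / ".env.example").write_text("DB_USERNAME=\nDB_PASSWORD=\n")
        (root / "public" / "adminer-4.8.1.php").write_text("<?php // placeholder\n")
        return audit_webroot(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A finding means the file sits inside the directory tree the web server serves; whether it is actually reachable from the internet also depends on the server's access rules.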

Despite the simplicity of the breach, the implications are profound: access to the database means the attacker could alter, delete, or steal critical records such as payment data, service applications, and citizen grievances. 

The Data at Stake:

  • 291,212 user records, including:
    • Full Name
    • Phone Number
    • Complete Address
    • Aadhaar Number
    • Email ID
    • Other sensitive application details

Potential Consequences:

  • Targeted phishing attacks on citizens using their verified personal data.
  • Disruption of essential services, as attackers could manipulate BWSSB’s operational databases.
  • Erosion of public trust in digital services offered by civic bodies.

A Human Cost Behind the Data

“This isn’t just about numbers. Behind each exposed record is a person – someone who trusts public agencies to safeguard their information. This breach is a wake-up call for public sector institutions to prioritize cybersecurity before citizens pay the price,” said Sourajeet Majumder, CloudSEK researcher.

The breach illustrates how even basic oversights, like exposed configuration files, can be exploited by threat actors, often with devastating consequences for everyday people.

Who is Behind the Breach?

The perpetrator, pirates_gold, is no novice. Active since September 2024, this individual has targeted organizations across e-commerce, healthcare, and finance sectors globally. With 39+ posts on dark web forums and a growing reputation, pirates_gold exemplifies a new breed of cybercriminal – motivated, opportunistic, and fast-moving.

CloudSEK’s intelligence indicates that pirates_gold has previously targeted companies in Uzbekistan, Brazil, and Southeast Asia, making this breach part of a broader pattern.