By Purushottam P. Khatri
Kathmandu, Dec. 23: A few months ago, some e-commerce sites in Nepal, along with internet service providers (ISPs), were hacked and the data of their users were exposed – a security violation called data breach. Other online shopping and food delivery companies, like Daraz, Foodmandu, Vianet and Mercantile, have also faced such incidents.
"Already a global problem, data breaching incidents are on the rise in Nepal. As the cases have risen, they have become headaches for the Nepal Police," Nabindra Aryal, Senior Superintendent of Police (SSP) at Cyber Bureau of Nepal Police, told The Rising Nepal on Tuesday.
"A data breach is an unintentional or intentional leak of private/confidential information of a computer/internet user to an untrusted party, and it can include information, like financial status, health data, personal identification information, trade secrets, etc.," said Bijaya Limbu, an employee with Vairav Technology.
Recently, when the nation was under nationwide lockdown, some cyber networks in the country became the victims of two major data breaches, Limbu added.
"First, a reputed online food delivery service, Foodmandu, was hacked in which over 50,000 users’ data were stolen from the company’s database. The user by the username “me.mugger" claimed to have hacked the network service, according to its Twitter handle. “The hacker went on to explain the reason behind the hacking: to show how vulnerable our security really is," explained Limbu.
Before the incident that befell Foodmandu was put to rest, Vianet, an ISP company, was hacked, too. The scale of the data breach was even larger in comparison to the former -- over 170,000 users’ data were leaked from the hacker’s Twitter account by the name “Narapichas@paapi_kto_mah”.
He said the Digital Nepal Framework of the government of Nepal would not be possible and secured until the government gives proper attention to cybersecurity.
"Such attacks are just a few examples of how vulnerable our cybersecurity really is, and that can be exploited to commit crime of a large scale," said Limbu.
"Rather than just focusing on creating awareness to prevent possible data breach incidents, government must enact specific bylaws alongside taking strong cybersecurity measures," he said, adding, "we all know how to open Facebook and Twitter accounts, as well as chatting and messaging through them, but very few people know how to make those accounts secured from cybersecurity perspective."
"E-commerce sites, online banking transactions, data of various security companies, alongside banks and financial institutions, always top the list of cyber attackers and they always keep themselves prepared in making their prey fall in their networks," Limbu added.