GNCTD Data Breach


Oct 29, 2004
Delhi Citizens Data Leak - Security Discovery

On Feb 19, 2019, I have discovered a MongoDB that required no password. The database was located in an India region which (along with other data) also contained highly sensitive information collected on 458,388 individuals located in Delhi. A 4.1GB-sized database had been indexed by Shodan and was left unattended for public access.

The database was named “GNCTD” which also stands for Government of National Capital Territory of Delhi and contained the following collections and records:

EB* Registers
EB Users (14,861)
Households (102,863)
Individuals (458,388)
Registered Users (399)
Users (2,983)