RSS

Adama City Government Exposes 29 GB of Sensitive Ethiopian Citizens' Data

news_rt1 pts0 comments

Adama City Government Exposes 29 GB of Sensitive Ethiopian Citizens’ Data

Home

Indexes

My methodology

Blog

Contact

Adama City Government Exposes 29 GB of Sensitive Ethiopian Citizens’ Data

newschu<br>June 18, 2026

RESUME<br>This report discloses a significant security misconfiguration involving a publicly exposed server belonging to the Adama City Government digital platform in Ethiopia. The server contained approximately 29 GB of highly sensitive personal data belonging to Ethiopian citizens. Following responsible disclosure efforts, the server was eventually taken offline. However, no response or acknowledgment was received from any Ethiopian authority involved.

About the Adama Platform

The Adama City platform is the official integrated digital portal for government services in Adama, Ethiopia. It was developed to automate administrative procedures and enhance transparency, accessibility, and efficiency in local governance.

Main services offered include:

Adama City OSS : One-stop shop for common citizen procedures.

Investment System : Management of projects and licenses for local and foreign investors.

e-trade & E-commerce : Tools for digitizing commerce and transactions in the region.

CashBook System : Internal financial and accounting system.

Land Management : Land management and administration of the urban cadastre.

Discovery of the Exposed Server

On April 20, 2026 , during a routine security investigation, an unprotected server belonging to the Adama City platform was discovered. The server contained approximately 29 GB of sensitive data, primarily consisting of ZIP archives and PDF/PNG documents.

Nature of the Exposed Data

The server had been publicly accessible since at least March 23, 2026 . The exposed information included highly sensitive personal and civil records of Ethiopian citizens, such as:

Birth certificates<br>Marriage certificates<br>Land records<br>National identification documents<br>Citizens’ profile photographs<br>Social assistance records

All documents were in PDF and PNG formats, with multiple backup copies in ZIP format.

Examples of exposed documents (translated from Afaan Oromoo):

Adama's citizens' profile photos of exposed faces on his platform.

Other documents displayed included citizens' identifications.

These documents are birth certificates , which include serial number, photo, father's name, grandfather's name, date of birth, birth certificate number, places of registration and birth, nationality, official seals of the civil registry agency, and signature . The second image shows a social assistance file from Adama for Ethiopian citizens, which includes full name, age, sex, and telephone number . And the third image shows a marriage certificate , which displays information such as the wife's full name, the husband's full name, date of birth, place of birth, address, nationality, the names of each person's father and mother, and witnesses .

Risks<br>The public exposure of this data posed severe risks to the affected citizens, including:

Identity theft and impersonation<br>Document forgery<br>Social engineering and phishing attacks<br>Blackmail or extortion<br>Unauthorized sale of data on the dark web<br>Compromise of personal privacy on a massive scale

Responsible Disclosure Timeline<br>For our part, we had to protect the data as soon as possible in order to resolve the problem of the exposed server. We contacted the company via email from the following date:

On April 20, 2026 , I sent a formal notification via email to the official information address of the Adama City Government , detailing the exposure of their server and the presence of approximately 29 GB of sensitive data belonging to Ethiopian citizens. A copy of the same notification was also sent to the Information Network Security Administration (INSA) , Ethiopia’s national cybersecurity authority.Despite the critical nature of the issue, neither the Adama City Government nor INSA provided any response or took action to restrict public access to the server.

Given the complete lack of response from both the municipal authority and the national cybersecurity agency, I escalated the matter on May 20, 2026 , by contacting Ethio Telecom , the internet service provider, informing them of the situation affecting their client and requesting urgent intervention to block the exposed server.

On June 15, 2026 , I verified that the server had finally been blocked. However, no acknowledgment or response was received from any of the parties involved.

Technical Recommendations

Immediate Actions:

Disable public access and directory listing on all servers.<br>Implement strong authentication mechanisms (multi-factor authentication, IP whitelisting, or VPN access).<br>Remove or migrate all sensitive data to secure, encrypted environments.<br>Replace public file access with signed URLs or temporary access tokens.

Best Practices for Sensitive Data:

Never store personal or civil records on publicly accessible servers.<br>Implement encryption at rest...

adama data server citizens city sensitive

Related Articles

Apple WWDC 2026 Livestream

nextstep32 ptsapple stream video event live feed

Claude Fable 5

Philpax30 ptsfable claude mythos model models capabilities

US Government directive to suspend access to Fable 5 and Mythos 5

Dylan131224 ptsfable government anthropic jailbreak access mythos

German ruling declares Google liable for false answers in AI Overviews

ahlCVA15 ptsgoogle court search overviews content users

Britain Became as Poor as Mississippi

SanjayMehta15 ptsbritain mississippi next financial crisis self
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.