Bahrain Government Portals: 15,500 Accounts Leaked on Dark Web
On October 26, 2024, an unidentified threat actor published a credential dump containing over 15,500 Bahraini government service portal accounts on a prominent dark web forum.
The posting was accompanied by a statement referencing "a recent controversy"--language suggesting politically motivated action rather than purely financial cybercrime. The dumped credentials consisted of usernames and passwords for citizen-facing digital government services.
KEY FACTS
- .What: 15,500+ government portal credentials published on dark web forum.
- .Who: Bahraini citizens using e-government services (~2.2% of nationals).
- .Data Exposed: Usernames, passwords, and likely CPR national ID numbers.
- .Outcome: No public acknowledgment or enforcement by Bahraini authorities.
WHAT WAS EXPOSED
- .Usernames and passwords for 15,500+ government service portal accounts
- .Likely exposure of CPR (Central Population Registry) numbers used as universal national identifiers
- .Potential access to personal profiles within government portals including names, dates of birth, addresses
- .Potential access to government correspondence, tax records, and utility payment histories
- .Possible gateway to healthcare records accessible through government health service portals
With ~700,000 Bahraini nationals, 15,500 compromised accounts represents approximately 2.2% of the national citizen population. The PDPA has statutory authority to impose fines up to BD 20,000 per violation or BD 1,000 per day for ongoing non-compliance.
SOURCES
Daily Dark Web, Bahrain PDPL (Law No. 30/2018), Bahrain eGovernment Authority, Information & eGovernment Authority