Each notice page carried a note at the top, which advised the staff members to log in to their respective profiles under the PMIS system with their unique ID as username and date of birth as passkey. It is a common notion in the IT industry that when initial login credentials are made for a large pool of people, they should use the passkey for once and change it immediately, preferably a combination of alphanumeric numbers and special characters. Due to the strict nature of the Digital Security Act, bdnews24.com did not test whether a successful login can be made with those credentials. However, on the very same day, a senior official of the department, who declined to disclose his identity due to the sensitive nature of the revelation, confirmed that to the best of his knowledge, a large number of the staff members had not changed their respective passkeys, which means anyone with the public spreadsheet could log into the PIMS database and can steal sensitive tender and government procurement information. bdnews24.com reached out to the RHD Chief Engineer, Syed Moinul Hasan, about the list and sent the URL link of the notice upon his request.

Source: bd News24 July 13, 2023 08:45 UTC