𝗿𝘂𝗺𝗲𝘂𝗿 𝗱𝗲 𝗿𝗲𝗳𝘂𝗴𝗲 𝘁𝗲𝗿𝗿𝗼𝗿𝗶𝘀𝘁𝗲 𝗲𝗻 𝗖𝗼̂𝘁𝗲 𝗱’𝗜𝘃𝗼𝗶𝗿𝗲

https://www.facebook.com/61574823177426/posts/122178226664827439/?mibextid=rS40aB7S9Ucbxw6v
#VDLV #InfoVsIntox #StopIntox #SécuritéCI #FDS #VDP #TerrorismeCI #FactCheck #FactChecking

📌 𝐃𝐨𝐮𝐠𝐛𝐨 / 𝐟𝐫𝐨𝐧𝐭𝐢𝐞̀𝐫𝐞 𝐍𝐨𝐫𝐝 : 𝐚𝐫𝐫𝐞𝐬𝐭𝐚𝐭𝐢𝐨𝐧 𝐝𝐞 𝟏𝟐 𝐕𝐃𝐏 𝐛𝐮𝐫𝐤𝐢𝐧𝐚𝐛𝐞̀ ?

https://www.facebook.com/61574823177426/posts/122174571812827439/?mibextid=rS40aB7S9Ucbxw6v
#BurkinaFaso #VDP #Tougbo #FrontiereNord #Sahel #InfoOuIntox #VDLV #Cybersecurite

Full High Stakes #VDP Rankings reshuffle
@[email protected] @[email protected] @[email protected]

https://ftnfantasy.com/fantasy/mlb/vdp-rankings

📌 𝐁𝐮𝐫𝐤𝐢𝐧𝐚 𝐅𝐚𝐬𝐨 : 𝐮𝐧 𝐭𝐞𝐫𝐫𝐢𝐭𝐨𝐢𝐫𝐞 𝐞𝐧 𝐩é𝐫𝐢𝐥 𝐞𝐭 𝐮𝐧 𝐩𝐨𝐮𝐯𝐨𝐢𝐫 𝐨𝐜𝐜𝐮𝐩é à 𝐥𝐚 𝐝é𝐬𝐢𝐧𝐟𝐨𝐫𝐦𝐚𝐭𝐢𝐨𝐧

https://www.facebook.com/share/p/17cMvrcnaP/
#VDLV #SécuritéBurkina #TerrorismeSahel #CIVforte #StopIntox #VDP #FDS #CoopérationRégionale #BurkinaFragile #CIVSécurisée

📌 𝗜𝗻𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻 𝗼𝘂 𝗶𝗻𝘁𝗼𝘅 ? 𝗟𝗮 𝗖ô𝘁𝗲 𝗱’𝗜𝘃𝗼𝗶𝗿𝗲 𝘀𝗲𝗿𝗮𝗶𝘁 𝗱é𝗽𝗮𝘀𝘀é𝗲 𝗳𝗮𝗰𝗲 𝗮𝘂𝘅 𝗺𝗲𝗻𝗮𝗰𝗲𝘀 𝘁𝗲𝗿𝗿𝗼𝗿𝗶𝘀𝘁𝗲𝘀 𝗲𝘁 𝗮𝘂𝘅 𝗶𝗻𝗰𝘂𝗿𝘀𝗶𝗼𝗻𝘀 𝗱𝗲𝘀 𝗩𝗗𝗣 ?

https://www.facebook.com/share/p/17focx4cao/
𝗟𝗮 𝗯𝗼𝗻𝗻𝗲 𝗶𝗻𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻 𝗰𝗿é𝗱𝗶𝗯𝗶𝗹𝗶𝘀𝗲 𝗹𝗲 𝗺𝗲𝘀𝘀𝗮𝗴𝗲.
#InfoVsIntox #SécuritéNationale #FrontièresCI #VDP #Terrorisme #FactCheckingCI #PaixEtVérité 🇨🇮

🇧🇩 Today I'm going to talk about Bondstein Technologies Limited, a company based in Dhaka, Bangladesh. One of their servers was found to be completely open and unprotected.

Bondstein Technologies Limited is a Dhaka-based technology company specializing in Internet of Things (IoT) solutions and frontier technologies. Founded in 2014, it has established itself as a leading player in Bangladesh for vehicle tracking, industrial automation, and smart connectivity.

What data was exposed?

On December 26, 2025, I discovered that the server was exposing a 22 GB SQL backup file. According to the file timestamps and metadata, this backup appears to have been publicly accessible since at least July 2025.Among the files in the backup was users.sql, which contained the following sensitive fields:

username, customer_name, First_name, Last_name, Phone_number, Additional_contact-number, email, password.

*I was able to confirm that some of the employee names were real.

Additional findings:

The exposed server's IP resolved to a properly certified HTTPS server using a subdomain under .bondstein.net. The same IP also hosted a login portal (which I did not attempt to access).With this information, we were able to accurately identify the owner and submit a responsible disclosure.

Notification:

All of this was detailed in the email I sent to several Bondstein employees on December 26, 2025. When I checked again on January 5, 2026, the exposure had been fully closed. I followed up via email to inquire about any possible reward. On January 6, they replied with the following message:

Hi Chum1ng0,

Thank you for your responsible and detailed disclosure regarding the open directory issue on our server. We sincerely appreciate you taking the time and effort to notify us of this vulnerability, which allowed us to address it quickly. Your commitment to ethical research is truly valued. We want to confirm that the issue has been fixed and access has been restricted. We would also like to clarify that the server you identified is a staging server kept for internal purposes, and not a production environment. Regarding your request for a reward, we currently do not have an official bug bounty program in place. However, we are grateful for your help in securing our infrastructure.

We appreciate your patience and look forward to potentially collaborating in the future should we establish a formal program.

Sincerely
Bondstein

-NOT REWARD-

#VDP #responsibleDisclosure #misconfigurations #Bangladesh #cybersecurity #bondstein