NTS Exposes Extremely Private Data of Every Applicant Out in the Open!

Another day, and we have another local firm that isn’t taking its privacy seriously. NTS, the leading testing service in the country, is exposing private information of each and every applicant out in the open world wide web.

This information stored on NTS servers, for several hundred thousand students, is exposed to the world that includes extremely private data including names, father name, passwords, home addresses and what not.

The information which can be accessed is as follows:

  • Deposit ID
  • Name
  • Father Name
  • Email
  • NIC
  • Password
  • Auth ID
  • Test City
  • Subject
  • Passport
  • Gender
  • Date of Birth
  • Address
  • City
  • District
  • Mobile Phone

We do not want to publicize the exact format of the URL due to the sensitive nature of the information but here’s a screenshot.

We were able to access information of hundreds of candidates and we are sure that anyone with moderate technical knowledge could quickly build a database with the available data.


Frankly, it is absolutely incredible that an organization raking in money by the bucket loads can’t even be bothered to properly secure its servers. Even if they do, there must be a better way to store information than in plain text PDFs, that are easily accessible.

Security is often not even factored into the equation in most companies. Quality assurance is one of the most critical areas for any organization that relies on the internet or computers and it’s time that fact is widely recognized in Pakistan.

We call upon NTS to give due attention to this matter and resolve this gaping security hole at once.

No wonder you will see tons of ads on this semi government website, hinting that the people running and maintaining this website are more concerned about the money and not about the look and feel and other important aspects of the website.

Thank you Ali for tipping us on this.

  • Although you have not published the full url here, but anyone with little knowledge about web can easily find all this data, It will take few code changes to secure this data, But I know they will still not do anything, just like many other organisation in Pakistan, no one cares to protect personal data of their users . :(

  • NTS should be ban in Pakistan and shut it down its leeching money from every one with no cause

    • 100% agree…its bulsh*t service..they just earning money i was thinking about why no one talks about NTS so called service who is just earning money nothning more…..nice to c this post..

  • You know what’s even more interesting? Most of us have just one password for all the accounts.. so i wont be surprised if the password used over there would be the same password of their email, facebook and other important accounts..

  • The Web Developer Don’t know How to Prevent a Directory Listing of Your Website.

    BTW I have got the list :D

  • Wow what a find! pretty easy to get the list.
    And most notrious ppl must have taken it.

  • NTS is a subsidiary of COMSATS which claims to be the best IT university of Pakistan, to phir best IT university ne kesa diya?!

  • For NAB recruitment, they registered 75000 candidates on just 200 seats. Each candidate had to submit 500- Approx for the test. so total earning for NTS was 37,500,000-. The test based on mathematics , english nothing related to the post and your qualification Good job Govt. of Pakistan!

    • almost every university earns the same amount of money during admission process every year. do you go against all universities? do u sue them? do you stop getting admissions in those universities?

  • I just found a file that has over 180,000 Records of just one Position Oh God they have it in excel all the data with cell no. to address and what not. They should be sued

  • Just visited their websites from mobile. Its full of annoying ads, popups and nothing else. Never seen this on any govt/institutional website before. The webmaster should be investigated.

  • NTS, should be banned and an alternative service should be offered my cousin has spend lots of money on these tests, and gets nothing, he has applied for various govt. jobs clears the test but some times doesnt come on merit or whatever. NTS is leech it is sucking money out of our people. True that NTS is “Employment for the unemployed”.

  • This is totally unacceptable! A few simple steps can avoid such disaster, but they have other priorities than securing people’s data. Govt should implement data/privacy regulations and take serious action against such organizations.

  • It just boggles my mind of the idiocracy in Pakistan. Although the pdf(s) are not Hot-linked any more but a google webcache is still present. And we all know, female(s) details will be most people after…

  • #WTF
    I tired two random ids and was able to login successfully. I can’t believe this. Just imagine what those evil minds will do.
    We should tell our friends who appeared in NTS to change their password immediately.

  • @syed_talal You should have removed the .pdf from link, kindly remove that now and delete this comment after…
    All of the data is still accessible, if you can contact nts then you should definitely approach.

  • close