This article, “Somalia’s eVisa Breach: A Second Look,” by Abdi Daud, discusses a serious data breach of Somalia’s eVisa/etas website, which exposed the personal data of thousands of individuals, including intelligence officers, diplomats, aid workers, and ordinary citizens (even children).
Here’s a breakdown of the key points:
-
Severity: The breach is considered a major security threat, likened to an “electronic nuclear bomb” due to the sensitive nature of the exposed data. Several countries, including the US and UK, have issued warnings.
-
Ongoing Vulnerability: As of November 16, 2025, the system remains vulnerable, and passport information is still easily accessible.
-
Consequences for Victims: Individuals whose data was leaked face lifelong consequences, including increased scrutiny from immigration officials and the need to constantly prove their identity.
-
Somalia’s Patron State Problem: The breach creates opportunities for intelligence units from different countries with influence in Somalia (Turkey, Qatar, UAE, US, and EU) to access each other’s data.
-
Technical Failures: The author, a technologist who advised shutting down the platform, highlights the system’s insecurity and the possibility of intentional backdoors.
-
Data Quality Issues: The system accepts fake IDs and fabricated information, demonstrating a lack of validation and highlighting the system’s overall dysfunction.
-
Call to Action: The author urges the FBI to shut down the server immediately, citing child safety, intelligence, and criminal concerns.
-
Attribution: The author denies any involvement in the breach, clarifying their role as a cybersecurity professional focused on preventing such attacks.
The complete analysis piece is as follows:
Somalia’s eVisa Breach: A Second Look
By Abdi Daud
The Somalia eVisa breach is not merely a data leak; it is an electronic nuclear bomb in the Horn of Africa’s security landscape. As detailed in my previous analysis, this compromise exposes intelligence officers, diplomats, aid workers, and thousands of ordinary civilians, including children.
After four days of reporting, this breach is now accepted as fact. Several countries, including the United States and United Kingdom embassies, have published official warnings about the data breach, confirming the severity of the compromise.
A Breach That Never Ended
The system remains compromised. As of 16 November 2025, anyone without sophisticated hacking skills can still access random passport information directly from the Somalia eVisa/etas website. The recent changes that were introduced are easily bypassed. A seven-year-old child’s full passport details remain accessible to anyone who knows where to look.
This is not only about intelligence officers whose careers are now destroyed. It is about children and women whose safety is being ignored while officials worry only about security personnel. It is profoundly irresponsible to maintain this fiction while vulnerable people remain exposed.
Permanent Consequences
Every individual whose data was exposed now faces lifelong consequences. Immigration officers around the world will treat them with increased suspicion; not because of anything they have done, but because their identity documents have been weaponised. Enhanced screening, biometric re-verification, and permanent security flags will follow them for life. They will have to continually prove they are the real person, not an imposter using stolen credentials.
If your data was exposed:
- Contact your passport office immediately
- You will need to change your passport
- Consider changing move houses (since addresses are also leaked)
Somalia’s Patron State Problem
Somalia exists as a salad of patron states: Turkey, Qatar, the UAE, the United States, and the European Union. Each maintains its own intelligence operation. The breach has created a unique situation where intelligence units from different patron states can drill into each other’s data. What used to be compartmentalized is now a free-for-all intelligence environment.
The Technical Reality
I was among several technologists who advised shutting down this Breach-as-a-Service platform. The warnings were ignored. With a system this insecure, the breach was a matter of when, not if. Some loopholes may have even been left open intentionally for certain actors, which is a disturbing possibility given the geopolitical environment.
The Data Quality Problem
The leaked dataset is not a clean list of 35,000 legitimate records. It includes fake IDs, joke names, and obvious fabrications. The system performs no validation at all and will accept passport forms regardless of authenticity. This exposes another layer of dysfunction; Somalia’s eVisa/etas platform cannot tell the difference between a real application and nonsense.
However, anyone with the full data dump can quickly identify the genuine entries with basic filtering. The presence of fake entries does not protect the victims. It only highlights the system’s complete failure at every level. I know with certainty that legitimate applications are included because I have personally verified the presence of applications from friends and family members in the exposed dataset.
Action Required Now
The server is hosted in the United States. The FBI should shut it down immediately. This is not simply a sovereignty matter; it is a child safety crisis, an intelligence catastrophe, and an ongoing crime against thousands of civilians.
A note on attribution: There are rumors suggesting I am behind this breach. To be clear: I am not a hacker. My professional role involves securing systems from hackers, which is entirely different work. The actual attackers have already identified themselves through anonymous accounts on social media platforms.
About the Author
Abdi Daud
Technologist & Somaliland Advocate
Abdi Daud is a Melbourne-based technologist and passionate advocate for Somaliland. His blog offers a unique perspective on technology, politics, and life experiences, with a focus on Somaliland’s journey toward recognition and the intersection of technology with geopolitics. He believes in technology’s transformative power and the importance of amplifying underrepresented voices. As a Cultural Ambassador for the Association of Somaliland Community in Australia, he strengthens cultural ties between Somaliland and Australia.
| X |
