May 8, 2008
Tip and Trick Editorial

Not a Hack: Lahore Electric Supply Companies (LESCO) Website Privacy Leaks

Lahore Electric Supply Companies (LESCO) is a major electricity provider in the Lahore region of Pakistan. LESCO’s main official website for public access is located at http://www.lesco.gov.pk/, but apparently LESCO has another website, probably for support staff and personnel or for training purposes, which allows anyone from the public to ‘hack’ into it and access supposedly private and confidential data. (But who cares about privacy in Pakistan?)

The Lahore Electric Supply Companies website that has the major security flaw and privacy leaks is located at http://www.lesco.info/. To ‘hack’ the website, simply browse to the LESCO Human Resource Management System via the Customer Service link at http://www.lesco.info/mc/default.htm. You don’t even need any skill to hack the website. The login page has the User ID (which is Guest) and the password nicely filled in. Just hit the “Enter Now !” button to log in to the system.

LESCO Lahore Backend System Hack Login
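
An added example, not from the original article or from LESCO's site: a Python check that a site owner can run over their own login page HTML to catch the flaw described above, a password field served with its value already filled in. The sample form, its field names and the function `audit_login_html` are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample: a login form shaped like the one the article describes,
# with the user ID and password already present in the served HTML.
SAMPLE_LOGIN_PAGE = """
<form action="/login" method="post">
  <input type="text" name="userid" value="Guest">
  <input type="password" name="passwd" value="example-password">
  <input type="submit" value="Enter Now !">
</form>
<form action="/search"><input type="password" name="pin"></form>
"""

class PrefilledCredentialAudit(HTMLParser):
    """Collects forms whose password field ships with a non-empty value."""
    def __init__(self):
        super().__init__()
        self.findings = []   # one dict per offending form
        self._form = None    # state for the form currently open

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._form = {"action": a.get("action", ""),
                          "password_fields": [], "prefilled_text": {}}
        elif tag == "input" and self._form is not None:
            kind = a.get("type", "text").lower()
            name, value = a.get("name", ""), a.get("value", "")
            if kind == "password" and value.strip():
                self._form["password_fields"].append(name)
            elif kind == "text" and value.strip():
                self._form["prefilled_text"][name] = value

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            if self._form["password_fields"]:
                self.findings.append(self._form)
            self._form = None

def audit_login_html(html):
    """Return one finding per form that serves a pre-filled password."""
    parser = PrefilledCredentialAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for f in audit_login_html(SAMPLE_LOGIN_PAGE):
        print(f["action"], f["password_fields"], f["prefilled_text"])
```

The finding records the field names and any pre-filled user ID, but deliberately not the password value, so the audit output can go into a build log.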

After logging in, a ‘hacker’ can find various LESCO customers’ information from the database (which looks like MySQL), such as name, address and phone number. Also available are the application for electricity connection, date of application, status, next course of action and electricity load. (If you applied to LESCO and heard no news, this hack is for you!) Best of all, search functions are provided.

LESCO Customer Details

LESCO Consumers Search

Judging from the design of the website, with failed MySQL commands and broken links pointing to ClickSoft.com.pk, which is probably the developer of the site, LESCO.info is probably still under construction and not meant for public access. We are inclined to believe that the website is mainly used by LESCO staff for training purposes and not as their back-end system, in view of the poor security measures. But why real live customer data is being used as the sample is beyond comprehension; it conveniently provides backdoor access for those who want to gather this information.

Probably this is the style of doing work in the South Asian part of the world, but does Pakistan have nuclear weapons? Can nuclear weapons of mass destruction be trusted to someone who can’t even protect personal data, albeit only the name, address and phone number of its own citizens?
