Transport website leaking private information of 168,000 passengers

May 19, 2010 by admin  
Filed under Security News

A hacker called “ins3ct3d” has demonstrated that he can access the personal information of 168,000 users of public transport in The Netherlands via an insecure website.

A campaign to encourage residents living in the provinces of Gelderland, Overijssel and Flevoland to use public transport has been promoting a website called “Experience the OV” at www.ervaarhetov.nl, which allows people to request a card that lets them try out public transport travel for free.

However, as magazine Webwereld reports, a simple SQL injection attack allowed “ins3ct3d” to access the personal information of subscribers – including names, addresses, birth dates, email addresses and phone numbers.

The hacker, who has chosen to remain anonymous, demonstrated the attack to the magazine by accessing the personal data of one of Webwereld’s reporters.

Giving his reason for exposing the security vulnerability, “ins3ct3d” explained that he felt compelled to warn his fellow citizens as long as the government continues to use unsafe systems. “This time it’s sensitive personal data, next time your fingerprints or EPD,” he said.

(EPD is the Electronische Patientdossier. I guess I don’t need to give a translation of that for you to realise why that’s not data you want falling into the wrong hands.)

There’s no confirmation that banking data was exposed, but there were fields in the databases for ID card numbers, payment agreements and so forth. At the request of Webwereld, the hacker did not retrieve more data, so there’s no telling if any of these fields had been filled.

Webwereld contacted the authorities, and the website is currently “temporarily unavailable”:

[Image: the website’s “temporarily unavailable” notice]

I guess we should all breathe a sigh of relief that, in this instance, the hack appears to have been orchestrated in the interests of exposing poor security, rather than stealing users’ data and identities. Hopefully this incident might play some small part in raising awareness around the world of the need to ensure your website is coded securely, and not at risk of leaking sensitive information.

By Graham Cluley, Sophos

Removal tool for Mal/FakeAV-BW, Generic FakeAlert!hr, Packed.Win32.Krap.an (winupdate.exe, exec.exe, ppal.exe, MSe5ad.exe) Malware

May 9, 2010 by admin  
Filed under Removal Tips,Tools and Videos

New malware attack infecting Web sites

June 3, 2009 by admin  
Filed under Security News

Security firm Websense has put out an advisory warning Web site owners about malicious code that redirects surfers to seemingly safe sites.
