iTWire

Home Business IT Security Melbourne schoolboy hacks Public Transport Victoria site
×

Warning

JUser: :_load: Unable to load user with ID: 3653

Melbourne schoolboy hacks Public Transport Victoria site

Melbourne schoolboy hacks Public Transport Victoria site Featured

Victoria's public transport system is under attack but not from the opposition or commuters - a Melbourne schoolboy has exposed a security flaw in its website.

16 year old Joshua Rogers, a self-described white-hat hacker, told Fairfax and ABC he found the database of people who used the old Metlink online store by chance.

Metlink was the Transport Department's ''shop front'' for public transport users before Public Transport Victoria's formation in 2012. An estimated 600,000 entries were found in the database.

"I was actually looking for the cost of Boxing Day tickets and Christmas Day tickets and found an error on the website," Rogers told the ABC.

"Just from basic instinct I knew what the error meant and how it could be leveraged for database access."

Rogers told the news outlet the issue was poor worksmanship from whoever had designed the PTV website.

"50% of all websites are vulnerable to this type of attack and it's purely from lazy coding," he said.

"When companies take money from the development side and just pocket it themselves.

"They just don't invest enough money in security. Absolutely easy to fix. But you just have to know what to do."

A spokesperson for PTV told reporters it has fixed the problem and has referred the matter to Victoria Police.

"PTV takes security breaches very seriously and has referred the matter to Victoria Police for investigation and to Privacy Victoria," he said.

"PTV can confirm that this is the only known attack on its website.

"Customers can rest assured that the database is in no way linked to myki online accounts and no useable credit card details were stored in the database."

The news comes amid massive attacks late last year on Adobe, which was described as the "worst of its kind in 10 years."

CDAO SYDNEY TURNS 5 IN 2019

With 50+ Speakers, 300+ senior data and analytics executives, over 3 exciting days you will indulge in all things data and analytics before leaving with strategic takeaways that will catapult you ahead on your journey

· CDAO Sydney is designed to bring together senior executives in data and analytics from progressive organisations
· Improve operations and services
· Future proof your organisation in this rapidly changing technological landscape
· CDAO Sydney 2-4 April 2019
· Don’t miss out! Register Today!
· Want to find out more? Download the Agenda

REGISTER HERE!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

Tagged under

Latest from

Related items

More in this category: « McAfee no longer – Intel Security rules Cyber crime, financial crime top list of threats in 2014 »
back to top
 

Popular News

 

Telecommunications

 

Sponsored News


Services

Company

 

 

 

 

 

Connect