Poor security is one thing. No security at all is quite another…
IT’S EASY TO JUDGE those who believe that setting a password of ‘123456’ is enough to keep them safe from internet nasties, but they do at least have some security. True, it’s like locking your door with a loosely-bound elastic band, but it’s technically better than nothing.
And nothing is exactly what the Swedish Healthcare Guide service used to protect 2.7 million recordings of phone calls to its 1177 phone number, according to an explosive report from ComputerSweden’s Lars Dobos. The recordings go all the way back to 2013, and amount to a massive 170,000 hours of audio with no protection – and 57,000 of them with phone numbers right there in the file name.
As if leaking recordings of callers’ private medical problems being candidly discussed wasn’t enough, many of the calls also include social security numbers – so you can add the possibility of identity theft into the mix, too. Yikes.
To top it all off, the Apache HTTP server it was running dated back to 2013, which suggests it has at least 23 vulnerabilities. Not that they would have been needed given the website was wide open to the public, of course.
Suffice it to say, this doesn’t quite live up to GDPR regulations, so you can imagine someone, somewhere is in for a world of legal hurt.
The site has now been pulled offline, but Tommy Ekström, the CEO of Voice Integrate Nordic, was extremely candid when Dobos contacted him for comment. “This is catastrophic, it’s sensitive data,” he said. “We had no idea that it was like this. We will, of course, review our systems and check out what may have happened.”
Poor security in public services is far from unheard of, the world over. No security at all? Well, that’s a new low to beat. µ
Source: Inquirer