MASSES OF CUSTOMER RECORDS have been accidentally splurged online by the US Government Payment Service.
The Government Payment Service is used by local governments in the USA to, unsurprisingly, handle online payments for government-related things such as licensing fees and fines levied by courts.
But KrebsOnSecurity reported that more than 14 million customer records going back as far as 2012 were exposed online thanks to a flaw in the service’s website.
Through the simple tweaking of digits in the web address of the online receipt users get once they use the GovPayNow.com service, it was possible to view the records of millions of customers; not a great example of web security there.
However, the Government Payment Service said in a statement to KrebsOnSecurity that the problem has now been fixed and while the data was potentially exposed, there’s no indication thus far that it was used for nefarious purposes.
“The company has no indication that any improperly accessed information was used to harm any customer, and receipts do not contain information that can be used to initiate a financial transaction. Additionally, most information in the receipts is a matter of public record that may be accessed through other means,” the company said.
“Nonetheless, out of an abundance of caution and to maximize security for users, GovPayNet has updated this system to ensure that only authorized users will be able to view their individual receipts. We will continue to evaluate security and access to all systems and customer records.”
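The kind of check that statement describes, as an added example that is not from the article or from GovPayNet's own code: a receipt is returned only to the account that owns it, and repeated refusals across different receipt numbers are tracked so enumeration can be spotted. The receipt store, account names and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: receipt id -> (owner account, receipt body).
RECEIPTS = {
    1001: ("alice", "Court fine, paid"),
    1002: ("bob", "Licence fee, paid"),
    1003: ("carol", "Bail payment, paid"),
}

NOT_FOUND = (404, None)


def get_receipt_vulnerable(session_user, receipt_id):
    """Flawed pattern: the number in the URL is the only thing checked."""
    record = RECEIPTS.get(receipt_id)
    return (200, record[1]) if record else NOT_FOUND


class ReceiptService:
    """Hardened lookup: the receipt must belong to the logged-in account."""

    def __init__(self, deny_threshold=3):
        self.deny_threshold = deny_threshold
        self.denied = defaultdict(set)  # client -> receipt ids refused so far

    def get_receipt(self, session_user, receipt_id):
        record = RECEIPTS.get(receipt_id)
        if session_user is None or record is None or record[0] != session_user:
            # Same answer for "missing" and "not yours", so the response
            # does not reveal which receipt numbers exist.
            self.denied[session_user or "anonymous"].add(receipt_id)
            return NOT_FOUND
        return (200, record[1])

    def suspected_enumeration(self):
        """Clients refused on at least deny_threshold distinct receipt ids."""
        return sorted(client for client, ids in self.denied.items()
                      if len(ids) >= self.deny_threshold)
```
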
Obviously, such data leaks are a big no-no, but when we stop and think about it, the likelihood of anyone other than security researchers stumbling across a flaw is pretty slim. After all, how often are you tempted to mess with the web address of an online receipt? If the answer is “all the time”, you’ve got problems, pal.
There are worse examples of data leaks as well, like the spilling of Facebook data belonging to some three million users. µ
Source: Inquirer