Website exposes sensitive details on military personnel

Tuesday, September 08, 2009

Dan Goodin reports:

Programming errors on a website that helps commuters carpool to work are exposing sensitive information of workers for hundreds of employers in Southern California, including at least one military installation.

The bugs, discovered last month on RideMatch.info, allow hackers access to a variety of personal information, including individuals’ names, home addresses, phone numbers, the times they commute to and from work, and in some cases employee numbers. The SQL injection vulnerability remained active at time of writing, more than two weeks after it was reported to a developer who runs the website.

Read more on The Register.

Original Source: http://www.databreaches.net/?p=7054
Possibly Related Articles:
2384
Webappsec->General
Higher Education K-12 Preschool Accounting Banking Financial Services Federal Military Municipal State/County Bio/Pharma Healthcare Provider General Legal Consulting Hardware Information Security Reseller/Integrator Service Provider Software
Data Loss Hardening HTTP Security Legal breaches
Post Rating I Like this!
29caf2d9c852c6936e9d8b256513d0bf
Lance Miller Two weeks...ugh.
1252458335