08 Sep 2016

Share

eThekwini municipality website leaks user data - expert

Kyle Venktess, Fin24

Johannesburg - KwaZulu-Natal's eThekwini municipality e-services website is hackable with residents’ personal information such as ID numbers and other data being exposed with just the change of a web address, according to an expert.

READ: eThekwini shuts down e-services after user data leak

Local software developer, Taylor Gibb, has said that by simply changing a part of the web URL on the eThekwini website, full details on users can be seen. Gibb outlines this in a blog post that he wrote and posted on Thursday.

Gibb told Fin24 that it was a trivial task for someone who knew "a thing or two about computers".

“The first problem I noticed is that they emailed all users their usernames and passwords, which meant they are storing our data in plain text,” Gibb from Durban said. 

“This prompted me to investigate further. What I found was shocking. By changing a single portion of the URL, you are able to see full details for any other registered user on the system. You can see their email, ID number, deceased status, gender, account number and cellphone number,” he added.

“The government has an obligation to protect our data, and I have an obligation to alert you that your data is not safe,” he said.

“In a matter of minutes, someone could have all their information at their fingertips. The code to dump their entire database, which contains everyone’s personal information would be less than 10 lines of code,” Gibb added.

Fin24 approached eThekwini officials for comment but the municipality did not immediately respond.

Instead, the municipality told Gibb on Twitter: "We are looking into this. Sorry about that."

Are you an eThekwini resident and what are your views on this? Tell us by clicking here.

The municipality just after 13:40 on Thursday then said on Twitter that it was moving to take the website offline to beef up its security.

@KyleVenktess on Twitter.

We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
19.29
-0.7%
Rand - Pound
23.87
-1.1%
Rand - Euro
20.58
-1.2%
Rand - Aus dollar
12.38
-1.1%
Rand - Yen
0.12
-1.2%
Platinum
943.50
+0.0%
Palladium
1,034.50
-0.1%
Gold
2,391.84
+0.0%
Silver
28.68
+0.0%
Brent Crude
87.29
+0.2%
Top 40
67,314
+0.2%
All Share
73,364
+0.1%
Resource 10
63,285
-0.0%
Industrial 25
98,701
+0.3%
Financial 15
15,499
+0.1%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Partner Content
Embrace your creativity

09 Apr

Embrace your creativity
Students, it’s time to get the best laptop and deal on Mac at iStore

05 Apr

Students, it’s time to get the best laptop and deal on Mac at iStore
Sunrises, Narnia, and hobbit money – 10 fun reasons you need to visit New Zealand

19 Mar

Sunrises, Narnia, and hobbit money – 10 fun reasons you need to visit New Zealand
Beauty24 | Let’s debunk these common skincare myths

28 Mar

Beauty24 | Let’s debunk these common skincare myths
Find more
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders
GooglePlayLink HuaweiGalleryLink AppleStoreLink
© 2024 (3.0.24094.4) 24.com. All rights reserved.
Terms and Conditions Media24 Privacy Policy Vulnerability Disclosure
Contact us Help with my subscription
Iab Logo