Australian Teen Alerts Transit Department To Security Hole On Website... Gets Reported To Police
from the not-this-again dept
The database contained the full names, addresses, home and mobile phone numbers, email addresses, dates of birth, and a nine-digit extract of credit card numbers used at the site, according to The Age newspaper in Melbourne.Rogers did exactly what a good security researcher should do: he contacted the Transport Department. After waiting two weeks without further response, he went to the press. Upon hearing from a reporter, rather than focusing on closing this massive security hole (and figuring out how to properly encrypt credit card numbers), the Transportation Department told the reporter that it was reporting Rogers to the police.
In other words, the officials there would rather malicious hackers have access to all that info, and are trying to throw the guy who told them they should fix their website in jail. Incredible.