Sometimes even the good guys have to pay for their deeds

Oct 13, 2011 12:48 GMT

A renowned and respected Aussie security expert got a visit from the authorities after he informed a superannuation company of a serious vulnerability that could have exposed millions of customers.

According to Risky.biz, Patrick Webster is one of the people who regularly contribute to finding flaws in an effort to make the internet a safer place. He also works with OSI Security and is a member of the First State Superannuation pension fund.

While viewing his online account he noticed that by simply changing the ID number in the browser's address bar, he could access the information of any other customer.
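The flaw the article describes is a record being fetched by the ID in the URL with no check that it belongs to the logged-in member. The following is an added example, not code from the article, from Risky.biz or from First State Super: a hypothetical statement lookup in its vulnerable form next to the version with a server-side ownership check, a small regression test a defender would keep to prove the check holds, and a detector that flags a session reading an unusual number of distinct statement IDs from constructed access-log lines. All names, IDs, balances and log lines are invented for the example.

```python
"""Added example (not the article's or the fund's code): a record lookup
keyed only by the ID in the URL, its hardened counterpart, a check that the
hardening works, and a simple access-log detector. All data is constructed."""

import re
from dataclasses import dataclass
from typing import Callable, List, Optional


class Forbidden(Exception):
    """Raised when a member asks for a statement that is not theirs."""


@dataclass(frozen=True)
class Statement:
    statement_id: int
    member_id: str
    balance: float


# Constructed sample data standing in for the fund's statement store.
STATEMENTS = {
    1001: Statement(1001, "member-a", 52_300.00),
    1002: Statement(1002, "member-b", 18_750.50),
    1003: Statement(1003, "member-c", 203_100.25),
}

Handler = Callable[[str, int], Optional[Statement]]


def get_statement_vulnerable(session_member: str, statement_id: int) -> Optional[Statement]:
    """Looks the record up by the ID taken from the URL and nothing else.
    Nothing ties the record to the caller, so any authenticated member can
    read any statement just by changing the number."""
    return STATEMENTS.get(statement_id)


def get_statement_secure(session_member: str, statement_id: int) -> Optional[Statement]:
    """Same lookup, but the record must belong to the authenticated member.
    The ownership check compares against the server-side session identity,
    never against anything the client supplied."""
    record = STATEMENTS.get(statement_id)
    if record is None:
        return None
    if record.member_id != session_member:
        # Raise so the caller can log the attempt; the HTTP layer may still
        # choose to answer 404 rather than 403 so the ID is not confirmed.
        raise Forbidden(f"{session_member} does not own statement {statement_id}")
    return record


def count_foreign_records_readable(handler: Handler, session_member: str) -> int:
    """Regression check for a handler: how many statements belonging to
    other members can session_member read through it? Must be 0."""
    readable = 0
    for statement_id in STATEMENTS:
        try:
            record = handler(session_member, statement_id)
        except Forbidden:
            continue
        if record is not None and record.member_id != session_member:
            readable += 1
    return readable


# Constructed access-log lines (hypothetical format) for the detector below.
SAMPLE_LOG = [
    "2011-10-13T12:40:01Z session=s1 member=member-a GET /statement?id=1001 status=200",
    "2011-10-13T12:40:05Z session=s2 member=member-b GET /statement?id=1001 status=200",
    "2011-10-13T12:40:06Z session=s2 member=member-b GET /statement?id=1002 status=200",
    "2011-10-13T12:40:07Z session=s2 member=member-b GET /statement?id=1003 status=200",
    "2011-10-13T12:40:08Z session=s2 member=member-b GET /statement?id=1004 status=200",
    "2011-10-13T12:41:00Z session=s3 member=member-c GET /statement?id=1003 status=200",
]

LOG_RE = re.compile(r"session=(?P<session>\S+) .*?\bid=(?P<id>\d+)")


def flag_enumerating_sessions(log_lines: List[str], threshold: int = 3) -> List[str]:
    """Returns the sessions that fetched at least `threshold` distinct
    statement IDs. A member normally has one statement, so a session walking
    through many IDs is worth an alert even when every request succeeded."""
    ids_per_session: dict = {}
    for line in log_lines:
        match = LOG_RE.search(line)
        if match:
            ids_per_session.setdefault(match["session"], set()).add(int(match["id"]))
    return sorted(s for s, ids in ids_per_session.items() if len(ids) >= threshold)


if __name__ == "__main__":
    print("vulnerable handler leaks", count_foreign_records_readable(get_statement_vulnerable, "member-a"))
    print("secure handler leaks", count_foreign_records_readable(get_statement_secure, "member-a"))
    print("sessions to review:", flag_enumerating_sessions(SAMPLE_LOG))
```

The regression check is the piece worth keeping in a real code base: it turns "can a member read someone else's statement?" into a test that fails loudly if anyone ever reintroduces the unchecked lookup.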

After informing the organization of the error, he received a thank-you note in which his efforts seemed to be appreciated. As it later turned out, the firm also reported the good deed to law enforcement, which treated him as a potential hacker.

That's how he found himself questioned by local police, who knocked on his door soon after the incident.

"They said it was about downloading files from First State Super. They said they didn't really understand it. They were the local Police," Webster revealed.

"The annoying part is that I contacted First State straight up. I gave them my number, email... and full details in my email including LinkedIn and they called the cops," he added.

Soon after, everything was cleared up and the bug was fixed, but the incident makes you wonder. It's bad enough that we have cybercriminals on our backs; no respected security researcher should have to go through such embarrassing moments.

In a letter written to one of the customers whose account was accessed by Webster, the company admitted the error.

"This incident was not the result of a targeted attempt to access your statement or account details. This member alerted us to the ability to view your statement and advised that your statement was only viewed when testing the security of his own online account. The member advised that he has not retained any details in your statement," the letter read.