Monumental goof exposes GPD's database

Aug 14, 2009 13:03 GMT  ·  By

Security experts from technology website Tweakers exposed Dutch local news agency GPD's poor database, user and password management after gaining access to the agency's database. After a 24-hour warning, Tweakers made the vulnerability public and leaked information on how to access GPD's database of VIP phone numbers.

Tweakers mainly reviews software and hardware, but when IT specialists discovered that the GPD internal database was accessible via the Internet, they went on to inspect the site's security measures. After various investigations, they found that GPD's firewall and security barriers were full of holes, which allowed them to gain access to sensitive information inside the database.

After they passed the login stage by guessing a simple password, they gained access to various VIP phone numbers stored in the news agency's server database through its internal Google search function. A screenshot taken by the NOS news website is shown below.

"We exposed the problem at GPD's website because security for the site is so poor," said Tweakers editor-in-chief Wilbert de Vries in an interview with Dutch newspaper De Telegraaf, adding that "We didn't expose it until 24 hours after we had warned them about the problem."

This is similar to an incident that occurred in November 2007, when two state officials from the Ministry of Social Affairs accessed GPD servers via the Internet. The leaked data contained thousands of private telephone and mobile numbers of various Dutch VIPs. TV presenters like Mart Smeets, Jort Kelder or Felix Meurders found their numbers made public by GPD's snafu. Prime minister Jan Peter Balkenende and anti-immigration MP Geert Wilders also had their numbers made public, but those numbers had previously been taken out of service and caused little havoc inside government offices.

After the incident, GPD announced that it had increased its security measures by making it impossible to access the database from the Internet and by changing the login password.

Screenshot of the GPD internal Google search function