Hackers could have accessed any account simply by changing its ID in the URL

Aug 21, 2013 11:31 GMT

A “classic” security hole in the online bill payments system of the municipal government of Johannesburg, South Africa, has exposed the names, bank account numbers, PINs, addresses and payment details of citizens.

According to HumanIPO, a user noticed that by changing the four-digit ID in the website’s URL, he could access any of the 1.1 million accounts.

The service has been taken down to prevent unauthorized access to user accounts, Richard Nere, head of IT for Johannesburg municipal government, stated.

“We are currently investigating the root cause and permanent solution [to] be applied. We do apologize for any inconvenience caused,” he added.

The city’s representatives have refused to reveal for how long the vulnerability existed. They’ve also refused to provide any details regarding the extent of the incident.