
The Hungarian public transport company launched an online shop (created by T-Systems), which was clearly rushed. Within the first days people found out that you could modify the headers and buy tickets for whatever price you set, and you could log in as anyone else without knowing their password. And they sent out password reminders in plain text in non-encrypted emails. People reported these to the company, which claims to have fixed the problems.

Instead of being ashamed of themselves, now they're suing those who pointed out the flaws. Fucking dicks, if anyone, they should be sued for treating confidential user data (such as national ID numbers) like idiots.

  • 1
    Class action?
  • 0
    @magicMirror The details are unknown, but I doubt it'll get serious. We'll see.
  • 1
    This is why you get an external security audit, do trials with small groups first, and award those who hunt bugs for you.

    When one of the clients of our platform finds a bug we send them anything between a €25 gift card (UI mistakes / 500 errors) and a few thousand in cash (vulnerabilities).