
Website exposes sensitive data on Californian commuters

September 11th, 2009 by Agent Smith (2) Identity Theft, In The Spotlight

Military personnel included in exposed group of carpooling employees

A website built to help commuters carpool to work is exposing sensitive information of workers for hundreds of employers in Southern California, including at least one military installation. The data breach was caused by programming errors in the website code.

The bugs, discovered on the RideMatch.info website, enable hackers to easily access personal information such as names, home addresses, phone numbers, the times commuters travel to and from work, and in some cases employee numbers. According to a recent article published by The Register, the SQL injection vulnerability was still active 2 days ago, although it had been discovered two weeks earlier and reported to a developer who runs the website.

The issue was discovered and reported by Kristian Hermansen, a security researcher. After his employer gave him a form to fill in, apparently a legal requirement for all employees, he investigated the website where the information was to be posted.


RideMatch.info is a joint project developed by transit authorities in five regional governments in Southern California. Each individual using the website enters work and home addresses and the time they leave from each. Based on the data, the website then teams them with others who live and work nearby and commute at similar times, thus providing an effective carpool matchmaking service. Too bad the same range of data can be accessed by any hacker willing to exploit the vulnerability!

2 Responses to “Website exposes sensitive data on Californian commuters”

  1. Burglars, Rush Hour and Web Application Firewalls « Hyperguarding your Web Applications Says:

    […] and Hollywood capers? After reading about the early September plight of RideMatch.info in the New York Times, you might not see the connection since ‘Agent Smith’ reported technically about this […]

  2. Making the connection: Exposed data and consequences | Endpoint Security Info Says:

    […] our recent post on Californian commuters being forced by the law to submit their private details to a site that was clearly exposing them […]
