Millions of personal records accessible through leaky broadcaster sites

A SQL injection vulnerability in a Dutch content management system made it possible to view databases of public broadcasters and radio stations. 2.3 million records with personal information were accessible.

The leak in the software of internet company Angry Bytes was discovered by a hacker who reported it to Webwereld. The software is used by broadcasters such as KRO, BNN and NTR, but also by Omroep.nl and the websites of radio stations such as 3FM, Slam! FM and QMusic. Using the same vulnerability on these websites, he could gain access to 2.3 million personal records, the hacker claims.

One of the affected broadcaster websites is that of the Sinterklaasjournaal, writes Computerworld, although Angry Bytes denies that. That site was already in the news twice this week: on Tuesday, a hacker discovered that he could obtain the data of 13,000 children thanks to SQL injection, and on Wednesday the same hacker claimed to have been able to retrieve the e-mail addresses of up to 1.5 million children. The NTR denies the latter; he would only have been able to retrieve first and last names. Websites of popular programs such as Spraying and Swallowing, The Core and Sesame Street were also vulnerable.

Through the newly discovered leak, in many cases the name, address, e-mail address and phone number could be retrieved, and sometimes also the employer, job title or even a photo. In some of the cases it concerned, according to Computerworld, "data for dating", though it is not clear what is meant by that. Through the leak in the website of The Core, 230,000 "addresses" could be retrieved, though it is unclear whether these are e-mail addresses or postal addresses. Through the website of 3FM, half a million names could be accessed.

The security issue also meant that administrators' passwords could be retrieved. In some cases these were stored in plain text; in other cases they were encrypted, but easy to figure out. Computerworld journalist Brenno de Winter says he is shocked by the leak and hopes that there will be a national debate about ICT security now that the large number of security problems is coming to light.

Update, 15:08: Co-founder Marc Veuger of internet company Angry Bytes confirms Computerworld's report. It concerned a vulnerability in the front end of an old system that was still accessible by mistake. According to Veuger, the website of the Sinterklaasjournaal is not among the hacked sites.