As a result of a vulnerability in the website of the Sinterklaasjournaal could a hacker data of 13,000 children request. The leak would have to do with a tool that has been around since 2005 and was insufficient to secure.
The tool gave children the ability to, for example, drawings to send coloring pages to download, but was unwillingly to do more. Through sql injection, a common method for the protections to work, could a ‘database dump’ to be made. Among other things, name, e-mail address and age were stored in the database. The hacker, who wishes to remain anonymous, placed on the internet is a partial and censored dump of a table with administrative credentials. He says that he is aware of not more than the information from the database has downloaded. “That would not neatly,” he says.
According to the hacker went by the way to a table with the name ‘wish lists’, but Albada says that such functionality is not on the website of the Sinterklaasjournaal. That functionality was initially in the hacked tool, but has now disappeared. It went in the hack to the ‘big book’ where the data of 1.5 million children in were, emphasizes the NTR.
The call of the Sinterklaasjournaal
The Sinterklaasjournaal cried the young viewers to have their name and e-mail address on the website to fill in the ‘big book’, because otherwise ‘no gifts would be given’. According to ict-lawyer Arnoud Engelfriet, the action is questionable; children under sixteen shall not, without the consent of their parents disclose personal information and the public service broadcaster NTR, the processing of the data is not reported to the CBP, which is in conflict with the data protection Act. The NTR states, however, that the ‘nothing further with the data, so that the registration therefore would not need to report.