Saturday, June 11, 2011

Price watch portal hacked

PETALING JAYA: The barely week-old price watch portal has been breached by hackers who got away with the private details of about 2,000 registered users.

Online community portal Lowyat.net yesterday posted an article highlighting that the 1Malaysia Pengguna Bijak’s (1MPB) website had “several vulnerabilities” that allowed hackers to obtain sign-up details, user names, e-mail addresses and hashed passwords.

The security breach came after the Domestic Trade, Co-operatives and Consumerism Ministry admitted on June 9 that the portal experienced “teething problems” because of the 3.5 million hits it received two days after it was launched.

Lowyat.net founder and chief executive officer Vijandren Ramadass said an SQL injection (a code injection technique that exploits a security vulnerability in the database) could be used on the price watch portal to retrieve the entire database remotely.

He added that a group of hackers calling themselves The Rilekscrew had exposed the flaw in the site.

Vijandren added that another local website, kenahack.com, had also published an article about the hacking and even listed out in detail how to retrieve the database there.

Vijandren added that he sent an e-mail to the administrators of 1pengguna.com explaining the vulnerability.

However, after two days, nothing had been done to secure the servers.

Domestic Trade, Co-operatives and Consumerism Ministry consumerism and management division deputy secretary-general Mahani Tan Abdullah admitted there was “a breach of security” but played down the matter, saying that only “the first layer” of the website’s security was penetrated.

She said efforts were being made to improve the security of the website.

“I assure the public that the site is safe. Most of the usernames and e-mails exposed belonged to ministry staff who were part of the initial data testing stage,” she added.

The contractor, Sands Consulting Sdn Bhd, could not be reached for comment.

Source: The Star Online
