Leak in Kamernet gave access to 1.3 million messages

Feb 6, 2017

The Dutch student Nelson Berg, who previously reported leaks at the HvA and UvA that have since been fixed, has found a leak in the site Kamernet. It made it possible to view 1.3 million messages, such as those sent between prospective tenants and landlords.

Berg has published his findings on his blog. There he writes that he discovered the leak while looking for a room in Amsterdam. He found that the Messages API allowed him to request messages with an ID that did not belong to him, which gave access to other people's messages. By writing a script that requested every ten-thousandth message, he arrived at an estimate of 1.3 million messages. A spokesman for Kamernet confirmed this estimate to Tweakers.

Berg explains that he can say little about the content of the messages. “Many people try to introduce themselves that way, and therefore it is often personal information. There are, for example, contact details among them, if those were exchanged.” Images would also have been visible, though the Kamernet spokesman says that not every profile has a photo. He further says that the leak was fixed within half an hour of the report.

“After the report was received, we took our entire dev team off their duties to look at this and to look for similar leaks,” the spokesman said. Because the logs can be checked far enough back, it is said to have been established that no one other than Berg had access to the data. The vulnerability has been reported to the Authority for Personal Data. Due to the nature of the hack and the lack of malicious intent, Kamernet currently sees no need to report the leak to the affected users.
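The missing ownership check on message lookups and the kind of log review the spokesman describes, as an added Python example that is not Kamernet's code. The message store, user names, function names and log entries are all constructed for illustration.

```python
from collections import Counter

# Constructed sample data: message id -> (sender, recipient, body).
MESSAGES = {
    10000: ("tenant_a", "landlord_x", "Hi, I am interested in the room."),
    20000: ("tenant_b", "landlord_y", "Contact details (constructed placeholder)"),
    30000: ("tenant_c", "landlord_x", "Is the room still available?"),
}


def get_message_unchecked(user, message_id, messages=MESSAGES):
    """The flaw as reported: the ID alone decides which message is returned."""
    return messages[message_id][2]


def get_message(user, message_id, messages=MESSAGES):
    """Hardened lookup: only the sender or the recipient may read a message."""
    record = messages.get(message_id)
    if record is None or user not in record[:2]:
        # Same error for "does not exist" and "not yours", so the response
        # does not reveal which IDs are in use.
        raise PermissionError("message not found")
    return record[2]


def foreign_requests(access_log, messages=MESSAGES):
    """Log review: per user, count requests for messages they are no party to.

    access_log is an iterable of (user, message_id) pairs taken from API logs.
    """
    hits = Counter()
    for user, message_id in access_log:
        record = messages.get(message_id)
        if record is None or user not in record[:2]:
            hits[user] += 1
    return dict(hits)


if __name__ == "__main__":
    # Constructed log: tenant_a reads an own message, then two foreign ones.
    log = [("tenant_a", 10000), ("tenant_a", 20000),
           ("tenant_a", 30000), ("landlord_x", 30000)]
    print(foreign_requests(log))
```

The review only works if the API logs record both the authenticated user and the requested message ID, which is what allows a check after the fact of who read what.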

Although Kamernet has no bug bounty program, according to the spokesman this is something currently being considered. About a possible reward for Berg, he says: “We know that he is looking for a room in Amsterdam, so possibly we can help with that.” Berg has also discovered leaks in the student information system of the HvA and UvA. As a result, data from more than 500,000 students was accessible.
