Johannesburg buggy system lets anyone to see confidential data of other accounts

The bug in the online payment system of Johannesburg South Africa lets anyone to see names, bank accounts, PINs, addresses, and payment details.

A concern user discovered the security flaw, by changing the four digit number in the website’s URL he can access to someone else account. Leaving more than a million accounts vulnerable to online fraud according to HumanIPO.

Richard Nere, head of IT for Johannesburg municipal government, said: “We’re aware of the security breach on our e-statement services.  Our technical team has brought the services down to prevent further unauthorised access to customer accounts.”

“We are currently investigating the root cause and permanent solution [to] be applied. We do apologize for any inconvenience caused,” he added.

A spokesperson of the City refused to reveal if all accounts are vulnerable in the bug.