A concern user discovered the security flaw, by changing the four digit number in the website’s URL he can access to someone else account. Leaving more than a million accounts vulnerable to online fraud according to HumanIPO.
Richard Nere, head of IT for Johannesburg municipal government, said: “We’re aware of the security breach on our e-statement services. Our technical team has brought the services down to prevent further unauthorised access to customer accounts.”
“We are currently investigating the root cause and permanent solution [to] be applied. We do apologize for any inconvenience caused,” he added.
A spokesperson of the City refused to reveal if all accounts are vulnerable in the bug.