It looks like the NSA or other government agencies might not be the only ones that have access to your personal details. Everyone with Internet access could have seen your address, name, email and photo just by navigating to a website. This is the case of a private parking ticket company by the name of PaymyPCN.net, who allegedly published one of their clients’ database online. It is said that a security flaw on the private parking firm’s website allowed public access to around 10,000 motorists.
“[The] breach at PaymyPCN.net demonstrates that even with basic IT security measures in place, perimeters are still permeable.” said Sol Cates, CSO at security vendor Vormetic. “In this case, it appears that, while motorists’ data and fine payments were encrypted once inputted into the PaymyPCN.net website, a backdoor link left the computer database wide open – providing access to private information provided to PaymyPCN.net by the DVLA. Although the information was encrypted, just as important is the control of access to the encrypted information – and this is where PaymyPCN.net appears to have failed,” he added.
Michael Green, a consumer activist, is said to be the one who uncovered the flaw after it had been “sent to a motorist in error”. The site is said to have been taken offline by PaymyPCN.net immediately after the breach, but it has since returned. PaymyPCN.net activities involve the collection of parking charge notices, acting as an agent of both private and public sector parking operators.
Thank you The Register for providing us with this information