The Ster Kinekor website has caused millions of South Africans to fall victim to a data leak.
The local movie theatre chain found a flaw in the system that has compromised the personal data of its members.
The old website allowed anyone with a bit of know-how to get the profile details of every user on the site. The information included names, addresses, emails, phone numbers and passwords.
A software developer from Durban was the person who actually discovered the flaw in the website. He reported the bug to Ster Kinekor last year.
The bug in the back-end system was found through the Flash coding of the website. A simple Google search of ‘Flash decompiler’ was all it took for Matt Cavanagh to get the data from all 6.7 million users on the Ster Kinekor website. That’s how simple the security flaw was.
What’s even more shocking is that Ster Kinekor had no idea that Cavanagh had managed to hack into their system. It seems as if they did not monitor their service.
For those who are worried about being affected by the data leak, follow Cavanagh’s advice.
“I highly recommended that if users previously used the same password on Ster-Kinekor and other systems, then they go change them to be unique. It is important to never use a password twice.”
Ster Kinekor insists that there have been no further leaks since Cavanagh reported the situation.
“Since being made aware of this state of affairs by Mr. Cavanagh, no further breaches have been detected. Ster-Kinekor was assured that our customers had not been exposed to ongoing harm and that their data had remained safe.”
The company has since upgraded to a new multimillion-rand system that is also world-class. This is to show people that Ster Kinekor is serious about protecting the personal information of its customers.
(Featured Image: Destiny Magazine)
Also on Connect: