Joshua Rogers, 16-year-old, a self-described whitehat hacker, identified a security flaw in the Public Transport Victoria's(PTV) website that allowed him to gain access to the Database server.
According to the Sydney Morning Herald, the database contained information such as names, addresses, phone numbers, email addresses, birth dates, seniors card ID numbers and credit card numbers.
He reported the vulnerability to PTV on Boxing Day. However, he didn't get any response from them. So, he contacted the Fairfax Media.
The organization responded only after being contacted by Faifax Media. They referred the matter to Victoria Police and Privacy Victoria.
A cyber security consultant, Phil Kernick told SMH that it is disappointing to know that government agency has developed a website which has these sorts of flaws.
As far as i know, most of the Governments don't give importance to their websites. Even if you find a bug in their website and report them, they never appreciate your work. They just file a complaint instead, just like the PTV did.
