Gauteng.com exposing user e-mails, phone numbers
Gauteng.com, a tourism portal run by Intoweb, had a publicly accessible URL that displays the details of every request for information, quote, or booking made through the site dating back to 17 April 2007.
Details such as the name, e-mail address, and telephone number of the person requesting information are exposed.
The information appears to have been indexed by Google.
Other information shown at the link includes the venue about which the request was made, the date the request was sent, and the message users sent through the site.
Four buttons are also shown next to each request for information, such as delete and reply. The functioning of these buttons was not tested.
Following a request for comment to Intoweb the page no longer appears to be public.
Intoweb MD Darren Harris said that the page is not supposed to be accessible to the public, adding that they have protected it.
“It probably happened when we moved the site from an older server to a new server,” Harris said
Thanks to Anonymous for the tip
Related articles
Fraud control at Standard Bank raises suspicions
