Tip-off from hacker
Security loophole discovered in the climate bonus
Following a hacker's tip-off, a security loophole in the climate bonus has been eliminated. According to the Climate Protection Ministry, the misuse of forged ID cards could have made it possible to retrieve individual data on the payment status of the climate bonus, including the bank sort code or the amount of the climate bonus.
A so-called ethical hacker discovered the potential security gap in connection with the automatic verification of ID cards while testing the climate bonus website and immediately informed the Climate Protection Ministry. A comprehensive external review revealed that there was no evidence that the vulnerability could be exploited.
The tool's actual purpose was to provide citizens with low-threshold information about receiving their climate bonus. It was taken offline so that all security vulnerabilities could then be rectified. The service hotline on 0800 8000 80 remains available for low-threshold information on the climate bonus.
No data leaked
As part of the necessary precautionary measures, the Ministry of Climate Protection has also informed the data protection authority. This authority has since closed the relevant proceedings, as no data was leaked and all appropriate measures were taken immediately. In addition, external experts were commissioned to re-examine the facts of the case. This review also concluded that no citizens' data had been leaked.
As a result of this incident and on the recommendation of epicenter.works, the Ministry of Climate Protection is now working on setting up a program to reward people who draw the Ministry's attention to security improvements.