The New York City Council had recently announced to its 5,994 members that were registered on its app that their personal data can be breached; reassured them that there was a flaw in their system which had been discovered by an ethical hacker. Leeds based digital agency discovered that user details like phone numbers, addresses and encrypted passwords on the One Planet York app could easily be viewed and alerted the council. As it was a well-intended action they thanked the developer and warned their users. The digital monitoring platform Rapidspike said that their developer discovered the flaw when he was browsing a page within the app and was able to view details of ten users.
He did not deliberately try to exploit the vulnerability of the app that allows its users to check for details about their region’s bin collection dates and recycling information and immediately informed the respective council. The matter was reported to North Yorkshire Police and Information Commissioner’s Office by City of York Council. After the breach report the One Planet York app has been removed from its website and app stores and the council has asked users to delete it from their cell phones as early as possible.
The council tweeted that though they tried to contact the actual person who revealed the flaw they did not respond making it conclude that the hacking attempt was deliberate and unauthorized so they informed local police. But they later softened stand after review and stated that they would like to thank the individual who brought the flaw to their notice and confirm that the action was well-intended. An ethical hacker is also known as a “white-hat” hacker who searches for data vulnerabilities for general interest and public security to bring them to the notice of appropriate authorities and does not do it with malicious or criminal intent.