Dutch public transit portal leaks 168.000 public records
A dutch portal ervaarhetov.nl used to promote the use of a new public transportation chip card has been taken offline, after a hacker submitted a video that demonstrated hacking the underlying database that contains that records of 168.000 dutch citizins. The flaw used to exploit this vulneribility is by experts also know as SQL Injection.
The hack exposes yet another vulnerability in a long line of weaknesses taunting the implementation of the new public transport system, based on contactless chips. Although the flaw was found in a website hosted by 3 provinces in order to stimulate the use of the new chipcard, the dutch politic part "SP" is holding the dutch minister of transportation responsible for this weakness.