Published on April 5th, 2014 📆 | 2338 Views ⚑


Credit Cards for 1.2 Million Drivers Vulnerable at
Security researcher, David Longenecker claimed a serious flaw at TxTag website that exposes the active Credit Card Details and Personal Information of 1.2 Million Drivers including active TxTags (vehicle stickers with microchips, which are scanned by electronic readers on toll roads), Names, phone numbers, full residence addresses, email addresses, along with their complete Credit card numbers and Expiration date.

[adsense size='1']

According to David, the account names could be easily predictable by anyone, which is typically an 8-digit number that begins with the number 2 and protected by only a 4-digit PIN Number, that could be itself another easy x-factor to abuse.

Texas Transportation Department hacked

But their stupidity didn’t end here, to make the case worst for their users; inexplicably stores the entire credit card details including Credit Card Numbers and expiration date, which meant to be partial visible to users, but available in the plaintext as the value of input field on the page source code.

Texas Transportation Department hacked

"I have no indication credit cards have actually been stolen. I merely found and reported a flaw that could very easily be exploited to obtain this information." he said.

[adsense size='1']

Texas Department of Transportation had not learned any lesson from their past experiences with hackers. Exactly two years back, they themselves confirmed a "cyber attack" in which the hackers overloaded the TxTag back office accounts servers, but according to TxTag, no accounts were compromised at the time.
In the reply back in 2012, Karen Amacker, TxDOT spokesman said, "Customer service and information security are of paramount importance to TxDOT. Cyberattackers recently tried to get into, but were not successful. All of our customers' information, including credit card information, remains secure."
But this security and so called paramount importance is seems to be a dilemma for them as they did nothing to improve the data security of their users after facing an attack.

The Flaw has been reported by the researcher, but neither TxTag nor TxDOT have so far responded to any of his request for comment.

"The problem lies in the AutoPay Method screen. If you do not have a credit card or bank account stored for automatic payments, then financial data cannot be stolen through this manner." david said.

[adsense size='1']

We should understand that no one is safe when bad hackers are out to do some damage. You are always advised to don't be lazy with your passwords, set tough-to-guess and long passwords and don't store information online that you don’t absolutely need to. Stay Tuned, Stay Safe.

Tagged with:

Comments are closed.