Web Application Security Consortium - Web hacking Incidents Database (WHID) - List of Incidents

Contributors

Jeremiah Grossman
(WhiteHat Security)

Ofer Shezaf
(Breach Security ) [Project Leader]

The Web Hacking Incidents Database
Last update:07 November 2007

Incident WHID 2006-16

Full List
By Class
By ID

1999
2000
2001
2002
2003
2004
2005
2006
2007

RSS
Statistics
Blog
FAQ
About

WHID

WHID 2006-16: AstraTel customer call records leaked Privacy breach at ISP Privacy breach at ISP

Date: 31 March 2006
Incident Type: Security Breach
WASC Threat Classification: Insufficient Authentication

A security hole in Sydney internet provider Astratel's LiveBilling online account management system has seriously compromised its customers' privacy.

The service redirected users to a different server and propagated the user information in a hidden field without re-authenticating.

References:

Privacy Breach at an ISP Privacy breach at ISP Privacy breach at ISP [Australian IT]

AstraTel customer call records leaked [Public Forum]

This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.

© Copyright 2005, Web Application Security Consortium. All rights reserved.