If you have been on Ster-Kinekor's website recently, whether on your mobile or your desktop, you will have seen that it has been drastically changed. As great as change can be, in Ster-Kinekor's case the new site was a rather rushed job, built because of some nasty security flaws that were found in the old version. If you go onto the site now, you will struggle to book tickets, view movies, and more, but at least your private information is secure, unlike on the old site.
It seems that the drastic change to Ster-Kinekor's website was made to cover up a security leak that was exposed by South African developer Matt Cavanaugh, aka Roguecode. On his blog he highlights how the old Ster-Kinekor website was flawed, and how he was able to access the data of close to 6.7 million users. Do not panic, however: he did not steal anything from you, but rather alerted Ster-Kinekor to the issue and made sure they fixed it right away.
According to his blog, the flaw was not hard to find at all, and showed negligence on SK's end. After he found the flaw in the site, he could see addresses, phone numbers, and passwords in plain text. This means that if someone had already attempted to access the site's private data, then chances are your private information has already been leaked. Matt recommends that everyone who has used the site before change their password as soon as possible to avoid any other nasty issues. He does not know if someone has accessed the data before, and he doubts that Ster-Kinekor knows either.
The security flaw comes from the backend of the site, through the Flash code. He even goes on to mention that he has very little experience with Flash, but the security flaw was so simple that he did not have to know Flash that well to exploit it. He mentions that a few things were done wrong in the design of the site that led to this breach: no HTTPS, their own home-made encryption, passwords stored in plain text in their code, and much more.
For moviegoers this is bad news, as everything is now done on your phone or web browser. I for one book tickets all the time, regardless of it being a new or old movie, as it's just more convenient. Rest assured, however, as Ster-Kinekor has come to the table and admitted the fault, saying that no further breaches have been detected since the site makeover, and that they are fully in control of the security going forward.
We did contact Ster-Kinekor regarding Mr Cavanaugh's post, and we'll update the article with their response.
Seems all good in the end, but it still makes you wonder just what other local sites out there are not secure. What do you make of this security breach? Let us know in the comments below.
News via Critical Hit