Another day, and we have another local firm that isn’t taking its privacy seriously. NTS, the leading testing service in the country, is exposing private information of each and every applicant out in the open world wide web.
This information stored on NTS servers, for several hundred thousand students, is exposed to the world that includes extremely private data including names, father name, passwords, home addresses and what not.
The information which can be accessed is as follows:
- Deposit ID
- Father Name
- Auth ID
- Test City
- Date of Birth
- Mobile Phone
We do not want to publicize the exact format of the URL due to the sensitive nature of the information but here’s a screenshot.
We were able to access information of hundreds of candidates and we are sure that anyone with moderate technical knowledge could quickly build a database with the available data.
Frankly, it is absolutely incredible that an organization raking in money by the bucket loads can’t even be bothered to properly secure its servers. Even if they do, there must be a better way to store information than in plain text PDFs, that are easily accessible.
Security is often not even factored into the equation in most companies. Quality assurance is one of the most critical areas for any organization that relies on the internet or computers and it’s time that fact is widely recognized in Pakistan.
We call upon NTS to give due attention to this matter and resolve this gaping security hole at once.
No wonder you will see tons of ads on this semi government website, hinting that the people running and maintaining this website are more concerned about the money and not about the look and feel and other important aspects of the website.
Thank you Ali for tipping us on this.