About 45,000 "one star" reviews protested to the transportation agency that reported the 18-year-old hacker who pointed out the vulnerability of ticket purchase service and arrested

A hacker who found a vulnerability of web service sometimes saw the case that a company responds, but in Hungary the hacker of Budapest Traffic Center (BKK), an organization responsible for public transportation pointed out vulnerability Hackers were arrested by the police because they reported that 45,000 "☆ 1" lines were lined up in the review of the Facebook page of BKK.

45,000 Facebook Users Leave One-Star Ratings After Hacker's Unjust Arrest
https://www.bleepingcomputer.com/news/security/45-000-facebook-users-leave-one-star-ratings-after-hackers-unjust-arrest/


VulnerabilityBudapesti Közlekedési Központ (BKK: Budapest Traffic Center)It is in the part related to the purchase of the ticket, and it was possible to change the ticket price by modifying the source code using the developer tool of the web browser. An 18 - year - old hacker who realized this vulnerability was originally able to buy a ticket of 9459 Foreign (about 4010 yen) at 50 foreign (about 21 yen).

IT companies have established programs to reward incentives for reporting vulnerabilities and bugs, and in 2016A ten-year-old boy found a bug in Instagram and updated the youngest bug hunter recordThere was also news that it did.


A hacker who noticed the vulnerability of BKK was not aimed at rewards, but told BKK about this. However, BKK reported to the police, "I've been trying to hack into the system," about the hacker. The hacker did not reside in Budapest and did not use the ticket I purchased, but the police arrested me.

BKK opened a press conference and declared that "the system is safe", but immediately other users pointed out the flaws on Twitter. Survey of surrounding relationships revealed that the maintenance of the system is spending a million dollars a year (about 100 million yen), and anger to BKK and system administrator Kalman Daboczi erupted. Based on Hungarian Facebook users, 45,000 "☆ 1" will be sent to the review of BKK's Facebook page to show that this collectively supports this young hacker.

BKK - Budapesti Közlekedési Központ - Reviews | Facebook
https://www.facebook.com/pg/bkkbudapest/reviews/


Ironically, the company T-Systems, which was under contracting the system maintenance of BKK, was sponsoring the "ethical hacking" contest.