The eThekwini municipality in Durban has shut down its e-services website after it was revealed on Thursday that it was potentially leaking personal data.
Fin24 reported on Thursday that the KwaZulu-Natal municipality’s e-services website is susceptible to hacking as residents’ personal information such as ID numbers and other data risks being exposed with just the change of a Web address.
Local software developer Taylor Gibb has said that by simply changing a part of the Web URL on the eThekwini website, full details on users can be seen. Gibb outlined this in a blog post that he wrote and posted on Thursday.
In the meantime, eThekwini has pulled down its e-services website.
“eThekwini municipality is investigating claims that information is being shared relating to customers’ accounts and as a precautionary measure, the municipality has taken the site offline in order to prevent any unauthorised access to our client data,” the municipality said in statement.
Meanwhile, Gibb said that it was a trivial task for someone who knew “a thing or two about computers”.
“By changing a single portion of the URL, you are able to see full details for any other registered user on the system. You can see their e-mail, ID number, deceased status, gender, account number and cellphone number,” he said earlier.
“The government has an obligation to protect our data, and I have an obligation to alert you that your data is not safe,” he said.
The municipality added that the site was expected to be back online on Monday, 12 September. “In the meantime, eServices users can contact the revenue call centre on 031 324 5000,” the municipality said.