Jan 1, 17 / Aqu 01, 01 23:23 UTC
[BUG] Security issue on identities ¶
Hello, Asgardian folks.
Forum user ID is the same as citizen number ID, which kinda makes sense. Yesterday, I coded a little script to get profile info, only name. I got about first 1,000 user number and name, in a tiny database. Probably the first 1,000 are people with some kind of proximity or relation to the founder.
Plausible examples (found on list): - Prof. Welch - Mr. Revell - Mr. Mosher ..
I emphasise that Igor Ashurbeyli doesn't seem to be on the list (I retrieved a little less than 1k entries)
What I want to say is that probably using a number and allowing to get some information, even if they never posted on a forum, is kinda risky, isn't it?
I remember, about 10 years ago you could get some information on a user by typing user's land line number through some websites, so you could create your own database. It is now ilegal in my, first, country. I just want to let you know about the possibilities and potential of getting the whole database matching "user name/login" and ID.
Perhaps you consider this a mistake and I'm being a little bit excesively careful. Of course my sole intention is to tell about this possible issue. Hope to hear from you, folks.