It looks like the whistleblowing on security & privacy concerns has been given a deaf ear by Government officials. They fixed things when I published my observations around MNIC, but at the same time I pointed out that a lot more needs to be done since there are other things lurking around.
A few days ago I also highlighted security concerns surrounding .mu domains due to DNS vulnerabilities. This could have a major impact on government services running through the www.gov.mu portal. Nevertheless, there doesn’t seem to be any transparency about what is being done. Nothing has been announced on the security measures being adopted.
Today yet another episode gave me goosebumps. Someone, who wants to stay anonymous, tipped me off that he came across a page that contained his name & phone number along with other details on the Government Portal. On my end, when I analyzed the URL through mere observation, it revealed a lot more than that.
Do I call this a vulnerability? Nope! This is carelessness & blatant imprudence. On this note, I have sent an email to the Data Protection Office for them to trigger the necessary actions.
Two weeks ago I blew the whistle regarding privacy concerns. With a major privacy breach of this magnitude, I hope the Data Protection Office will accept my complaint and proceed accordingly.