NZ Service Provider Pwned: A Responsible Disclosure Story
2025-03-27
A security researcher discovered a critical database vulnerability in a New Zealand app, KiwiServices, during a penetration test. By manipulating a simple HTTP request, they bypassed authentication and accessed the entire user database, exposing sensitive information like names, emails, and phone numbers. The researcher responsibly disclosed the vulnerability, and KiwiServices fixed it within 30 days. This highlights the importance of security testing and prompt patching.