Dan Goodin reports:
Programming errors on a website that helps commuters carpool to work are exposing sensitive information of workers for hundreds of employers in Southern California, including at least one military installation.
The bugs, discovered last month on RideMatch.info, allow hackers access to a variety of personal information, including individuals’ names, home addresses, phone numbers, the times they commute to and from work, and in some cases employee numbers. The SQL injection vulnerability remained active at time of writing, more than two weeks after it was reported to a developer who runs the website.
Read more on The Register.