Kat Hall reports:
Serious concerns have been raised over the security of the Scout Association’s database, which holds the contact details of 450,000 young people and volunteer adults, The Register can reveal.
A Scout leader contacted the Register to express grave concerns that the association’s Compass database is not secure, despite the organisation’s assurances it had been tested. The system has been in development for two years and went live in September.
But this week it emerged users could change details such as date of birth of other members – the same details used to conduct password resets. That functionality has now been temporarily removed after members took to the Compass forum to complain.
But wait… is it true? The Register updated their report to add:
A Scouts spokesperson contacted us since the publication of this story to say: “There is no evidence at all to suggest that there are any security bugs present in Compass that could grant access to data to non-registered users. We work with security experts to test the security of our systems on a regular basis to keep our data safe.”
Read more on The Register.