In: Teen helps IRCTC fix bug that could expose passenger’s private information

DNA reports:

A 17-year-old student in a private school in Chennai’s Tambaram has helped the Indian Railway Catering and Tourism Corporation (IRCTC) fix a bug in its online ticketing platform, which could have exposed millions of passengers and their private information.

Ranganathan said that the critical Insecure Object Direct References (IODR) vulnerability on the website helped him to access the journey details of other passengers.

[…]

The teenager had earlier got acknowledgements from Linkedin, the United Nations, Nike, and several others for alerting them of the vulnerabilities in their websites.

Read more on DNA and someone please give this kid a bug bounty and a paying job!

Resource: NY DFS Issues New Cybersecurity Guidance to Address Risks Associated with the Use of Third-Party Service Providers
Hotel and Casino near Las Vegas Strip suffers data breach, documents say
Bombay High Court Orders Department of Telecommunications to Block Medusa Accounts After Generali Insurance Data Breach
Cyber-Attack On Bectu’s Parent Union Sparks UK National Security Concerns
Attorney General James Announces Settlement with Wojeski & Company Accounting Firm
Romanian prisoner hacks prison IT system in plot made for a Netflix movie

Related: