THE NORWEGIAN GOVERNMENT has been left with egg on its face after an unknown number of citizens accessing its online web portal were all logged into the personal tax account of one unfortunate individual.
The blunder hit the Altinn web service that is operated by the Norwegian government to allow taxpayers to access and submit official forms electronically.
The service has not operated smoothly in previous years, however, and 2012 is proving to be no exception. When the Norwegian tax authorities published tax results early in the morning on Tuesday 20 March, the system collapsed under the demand created by an estimated 200,000 attempted logins.
When the service was brought back up, everyone was logged in as the same individual. "This was the status until noon, where traffic evened out and the server was stable again. Logging in is fairly simple: you type in your social security number and a personal password, and you receive a pin-code that you need to type in. At 6:17 PM local time, every single user who tried to log in went right past the login screen, and found themselves logged in as Kenneth, a 36 year old man from Oslo," a report by Joakim Larsenon at Icrontic revealed.
"Users then had access to all financial data of this unfortunate person over two years back in time, in addition to the financial information of his wife and the company he worked for. Altinn shut down some 15 minutes later, and has been down since."
According to the report, it is not yet known how many people have been nosing through Kenneth's personal tax affairs. It added that Jørgen Ferkinstad, communications director for Altinn, revealed that after the unfortunate Kenneth had logged in, his data was stored in a server cache and given out to all and sundry thereafter.
At the time of writing we have not received comment from Brønnøysundregisteret, the company that runs the service. The web site is still down. µ
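The server-cache explanation above describes a familiar failure mode: a personalised response stored under a key that ignores who asked for it. The sketch below is an added illustration, not Altinn's code; the `/inbox` path, the user names and the class names are constructed, and how Altinn's cache actually worked is not described in the report.

```python
# Added illustration, not Altinn's code. Paths, users and names are constructed.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Request:
    path: str
    user: Optional[str]  # authenticated identity, None when anonymous

def render(req):
    """Stand-in for the backend: a personalised page for the logged-in user."""
    return f"tax records for {req.user}" if req.user else "public landing page"

class SharedCache:
    """Weak: keys on the path alone and stores every response."""
    def __init__(self):
        self.store = {}
    def key(self, req):
        return req.path
    def cacheable(self, req):
        return True
    def handle(self, req):
        k = self.key(req)
        if k in self.store:          # hit: the backend is never consulted
            return self.store[k]
        body = render(req)
        if self.cacheable(req):
            self.store[k] = body
        return body

class IdentityAwareCache(SharedCache):
    """Hardened: identity is part of the key, and authenticated
    responses are never stored in the shared cache at all."""
    def key(self, req):
        return (req.path, req.user)
    def cacheable(self, req):
        return req.user is None

def replay(cache, visitors=("kenneth", "alice", "bob")):
    """Replay a constructed login sequence; return what each user received."""
    return {u: cache.handle(Request("/inbox", u)) for u in visitors}

def leaked(results):
    """Detection check: users whose response names a different account."""
    return sorted(u for u, body in results.items() if u not in body)

if __name__ == "__main__":
    for cache in (SharedCache(), IdentityAwareCache()):
        results = replay(cache)
        print(type(cache).__name__, results, "leaked to:", leaked(results))
```

With the weak cache, the first visitor's page is replayed to everyone who follows; the hardened variant serves each user their own page and stores only anonymous responses.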