New York City’s Metropolitan Transportation Authority (MTA) announced today that it’s disabling the “feature” on its website that made it possible to track people’s movements by entering their credit card info. The MTA says it’s turning off the seven-day history feature for OMNY as part of its commitment to privacy.
“This feature was meant to help our customers who want access to their tap-and-go trip histories, both paid and free, without having to create an OMNY account,” MTA spokesperson Eugene Resnick wrote in a statement to Engadget. “As part of the MTA’s ongoing commitment to customer privacy, we have disabled this feature while we evaluate other ways to serve these customers.”
The OMNY website included a page (screenshotted above) where passengers could enter their credit card number and expiration date to view their seven-day point-of-entry history across NYC’s subways. Although intended to provide convenience for users, it was also “a gift for abusers,” as Eva Galperin, the Electronic Frontier Foundation’s director of cybersecurity, described it to Engadget. Joseph Cox of 404 Media, which originally reported on the security hole, successfully tracked someone’s entry points (with consent) using their card info. “If I had kept monitoring this person, I would have figured out the subway station they often start a journey at, which is near where they live,” Cox wrote. “I would also know what specific time this person may go to the subway each day.”
The feature opened the door to stalkers, abusive exes or anyone who got a person’s credit card to find out where and when they entered the subway. The feature didn’t require a PIN or password; although a separate section allowed travelers to create a more secure account, it was buried farther down the page.
This article originally appeared on Engadget at https://www.engadget.com/nycs-transit-agency-disables-feature-that-made-it-possible-to-track-subway-riders-195003276.html?src=rss https://www.engadget.com/nycs-transit-agency-disables-feature-that-made-it-possible-to-track-subway-riders-195003276.html?src=rssAccedi per aggiungere un commento
Altri post in questo gruppo
ChatGPT has had support for voice conversations since the end of
Pixelfed is now available as a mobile apps for both iOS and Android. The open source, decentralized platform offers image sharing similar to Instagram. However, Pixelfed has no advertisements and d
Meta is preparing for even more layoffs, accordi
The Department of Justice and the FBI shared today that they have completed a project to remove malware used by Chinese hackers from computers in the US. The effort was essentially a court-approved
