Malta’s Business Registry: 1.3M Docs for 1c

Imagine this: You’re browsing through Malta’s Business Registry website, and you stumble upon an offer too good to be true. For just a cent, you can buy over a million documents. Intrigued? You’re not alone. This peculiar deal has left cybersecurity experts and locals alike scratching their heads.

Malta’s Business Registry, a crucial database housing information on local companies and their directors, recently found itself in an unusual predicament. A security researcher, who wishes to remain anonymous, discovered a glitch that allowed him to purchase a whopping 1,371,565 documents for a mere 1 cent.

The glitch, a result of a misconfigured API, allowed the researcher to exploit the system’s pricing mechanism. Instead of charging per document, the system charged a flat rate of 1 cent per transaction, regardless of the number of documents downloaded. It’s like finding a vending machine that dispenses a month’s worth of snacks for the price of a single chocolate bar.

The researcher, a white-hat hacker who tests systems for vulnerabilities, initially thought it was a mistake. “I was shocked,” he admitted, speaking on condition of anonymity. “I didn’t expect the system to allow such a large download for such a small price.”

Before you start planning your digital heist, remember, there’s no such thing as a free lunch, or in this case, a 1-cent million-dollar document grab. The researcher, acting responsibly, reported the bug to the Malta Digital Innovation Authority (MDIA).

“We’re grateful for the researcher’s responsible disclosure,” said an MDIA spokesperson. “We’ve since patched the vulnerability and are reviewing our systems to prevent such occurrences in the future.”

The catch? While the researcher got a million documents for a cent, he didn’t get them for free. He could have exploited the system for personal gain, but he chose to report it, earning him a reward under the MDIA’s bug bounty program. Not a bad return on investment, considering he only spent 1 cent.

This peculiar incident highlights the importance of strong cybersecurity measures, especially in our increasingly digital world. It also underscores the value of responsible disclosure in the cybersecurity community. As the researcher put it, “It’s not about the money. It’s about making systems safer for everyone.”

So, what’s next for our intrepid researcher? He’s not planning another 1-cent shopping spree anytime soon. Instead, he’s busy helping local businesses and institutions bolster their cybersecurity. After all, in Malta’s digital scene, every cent and every document counts.