Malta’s Business Registry: A Penny for a Million Secrets
Imagine this: You’re a security researcher, browsing through Malta’s Business Registry website, when you stumble upon an unexpected bargain. For just a cent, you can ‘buy’ over a million documents. What’s the catch? And why should you care?
A Penny for a Million Secrets
The Malta Business Registry (MBR) recently found itself in the spotlight after a security researcher discovered a peculiar pricing glitch. Due to a misconfiguration, the registry was charging just 1 cent (€0.01) for access to over 1.3 million documents, including company registers and other sensitive information.
This isn’t some shady back-alley deal. We’re talking about a government-run registry, located at the heart of Malta’s capital, Valletta, on Republic Street. The very same street where locals and tourists alike stroll by, oblivious to the digital goldmine hidden behind the MBR’s unassuming doors.
The Digital Gold Rush
The researcher, who wishes to remain anonymous, stumbled upon this ‘gold rush’ while using a tool to automatically scrape the MBR’s website. Instead of the usual €2.50 per document, the tool showed a price of €0.01. A quick check confirmed the bargain price was real.
But why should you care? Well, these aren’t just any documents. They contain sensitive information about companies registered in Malta, including their directors, shareholders, and registered addresses. In the wrong hands, this data could be used for identity theft, fraud, or even espionage.
The Race Against Time
The researcher immediately notified the MBR about the issue. But with over a million documents up for grabs at a cent each, the race was on to see who would exploit the glitch first – the good guys or the bad.
Luckily, the MBR acted swiftly. Within hours, they patched the issue, preventing any further access to the documents at the reduced price. But the damage was done. Who knows how many documents were already downloaded, and by whom?
As of now, the MBR has not commented on how many documents were actually downloaded at the reduced price. They’ve also not revealed whether they’ve identified any malicious activity related to this incident.
However, they’ve assured the public that they’re working with the relevant authorities to investigate the matter and strengthen their security measures. They’ve also reminded the public that attempting to access or misuse such data is a criminal offense under Maltese law.
So, what’s the moral of the story? While it’s easy to laugh at the absurdity of paying a cent for a million documents, it’s a stark reminder of the importance of digital security. It’s not just about protecting your own data; it’s about protecting everyone’s data.
After all, as the researcher put it, “It’s not about the money. It’s about the principle. And the principle here is that sensitive data should not be accessible for a cent.”
