One Planet York: "Ethical hacker" reveals a loophole in a city council's app




The One Planet York app allowed users to check collection dates and recycling tips.

A council is seeking to reassure residents after an "ethical hacker" discovered a loophole in a council app that allowed a breach of personal data.

A developer for a Leeds-based digital agency found the encrypted phone numbers, addresses, and passwords of One Planet York users on the app.

York City Council initially warned that 5,994 accounts contained in the application could have been breached.

It has since called the hack "well intentioned" and thanked the developer.

Rapidspike, a digital surveillance platform, said one of its developers "has accessed an application page, as any user" and was able to access a list of ten users with visible personal information.

The developer "did nothing to exploit the vulnerability" in the application, which allowed users to check waste collection dates and recycling tips, and immediately informed the council, the company said.

York City Council contacted North Yorkshire Police and the Information Commissioner's Office after the data breach was reported.

The One Planet York app is no longer available for download

The One Planet York app has since been removed from the app stores and website, and the authorities have asked the remaining users to remove it from their devices.

On Monday, the council tweeted: "Despite attempts to contact [the hacker] they did not answer and as a result of what appears to be deliberate and unauthorized access, we informed the police."

The local authority, which has since revised its position, said: "Following a re-examination, it became clear that the person who had identified the problem with the application had tried to contact us but that their e-mail had not been received because of security settings.

"Although we felt that we had taken the appropriate measures based on the facts of the time, we can now confirm that it was a well-intentioned action on the part of the person concerned and we wish to thank her for raising this case."

An ethical hacker, also called a "white hat" hacker, is a person who looks for data vulnerabilities in the public interest, rather than for malicious or criminal purposes.

The investigation and intelligence unit of the North Yorkshire Police said that the developer had "acted correctly".
