An error on the T-Mobilitat website, the electronic card for Barcelona’s public transport that is in the pilot phase, revealed data on users registered on the platform on Tuesday. As confirmed by the Metropolitan Transport Authority (ATM), it is an “operational error” on the website, which is currently in the testing phase.
Consortium sources have assured that the time that this data has been available was “limited” and “very short” and that the security breach was corrected “immediately”. As a result of this incident, the ATM has announced that it has opened an information file with the company responsible for the website, reports the ACN.
According to the ATM, during the time that there was this security hole, only one person accessed “non-sensitive data.” A citizen denounced yesterday afternoon in a Twitter thread that he was able to enter the page with the administrator user and had access to the data of some 2,000 users, who could have deleted or added new ones, and in all the content of the Web.
As the user explained, he realized the gap after registering correctly and that moments later the web repeatedly redirected him to the main page. Later, that same user certified that those responsible had already changed the password.
The ATM announced on Monday that it would extend the usability tests of the T-Mobilidad, which accumulates years of delays and cost overruns in its implementation, to the general public and that it would add new digital channels such as the web and the mobile application. This is one more phase of the tests that 4,000 users began in June with the verification of the validation, both with the rechargeable card and with the mobile phone.