Hacker Attacks Kindergarten Software To Download Data Of Parents

An IT engineer has been arrested by authorities in Bulgaria on a charge of a security breach in the software that local kindergartens use. The vulnerability let Petko Petrov - an IT specialist download 235,543 citizens’ details in Stara Zagora, which is a central Bulgaria-based province with more than 333,000 people.

Petkov posted a video on Facebook to show this security flaw a few days ago. As you can see in the video, he carried out a cyber attack against the web portal of the local municipality in which parents can register their children for enrolling in kindergarten, and then used the flaw to get Bulgarian citizens’ data.

The IT specialist said in the video caption posted on Facebook he attempted to contact the developer of the software as well as local authorities, however, he didn’t get any response. The caption also showed a URL to a repository on GitHub in which anybody could get the code for taking advantage of the security flaw. After Petkov publicly showed the vulnerability, authorities detained him on 28 June. He was imprisoned for 24 hours but later released.

It is known that local prosecutors have been still pending the charges under the Bulgarian Criminal Code’s Article 319A for getting government info by illegal methods. Should Petkov be accused and convicted, and he can be sentenced 1-3 years in prison and fined up to Rs 2,00,000 - according to local newspapers.

Meanwhile, officials in Stara Zagora have already removed the software. In addition to this, Stara Zagora’s mayor said to local media that the developer of the software hasn’t responded to government officials’ requests for comments.

As per the mayor, the enterprise called Information Services AD needs to fix the software on its own cost. The IT expert also said that other Bulgarian provinces also use this software. This means hackers are easy to collect the data of the citizens in Bulgaria.