SNCF closes web security loophole
Rail operator has been aware of flaw since June 2008 that makes it possible to access other people's personal details
A WEB security loophole allowing hackers to access the personal details of thousands of rail passengers has been closed after it was uncovered by a newspaper.
The SNCF has been aware of the flaw since June 2008, according to Le Canard Enchainé, which received a leaked internal memo from then warning of a "possible misuse of customer data".
A hacker showed how easy it was to access the name, address, telephone number and date of birth of customers registered on www.voyages-sncf.com - all that was needed was one person's railcard number.
The Canard says this data is very valuable - fetching between €8 and €20 per person when sold on to other companies for marketing purposes.
The SNCF said it had corrected the problem. It insisted that customers' credit card or bank account details were completely secure.
The firm, which was alerted to the story on Monday, said in a statement: "Our technical team immediately set to work fixing the problem. We have opened an inquiry and we are not ruling out taking legal action [against the hackers]."
Voyages-sncf.com sells 55 million tickets every year.
