When the Malir Development Authority (MDA) set up a portal for people to submit applications online for a low-cost housing scheme in Karachi’s Taiser Town it seems it didn’t test the application portal for glitches. And there’s huge glitch — the portal is giving out people’s private information.
When MDA announced this low-cost housing scheme on Wednesday, it also gave applicants an option to fill the form online and print it to avoid the rush at branches of Silk Bank, its official partner for the scheme.
Since day one people have been complaining about glitches in the portal saying they were unable to print the form or got print outs of applications without serial numbers, which means they will not be eligible to participate in the ballot for the plots.
However, there’s an even bigger problem.When you fill out the application form online, you are asked to submit and print it. Once you follow this instruction, you may have noticed the application form that prints out doesn’t have your name. Instead, it has the name and personal information of another applicant.
Yes, you read that right. Five members of SAMAA Digital’s staff repeated this exercise and every single time a new form popped up with somebody else’s details instead of the applicant’s. We have all these applications available with us. When we contacted the people whose details were on the forms instead of our staff’s, it turned out they or a relative had indeed submitted forms under their names and CNIC numbers.
And we weren’t the only ones to notice this glitch. People even took to Twitter to post about it.
All those filling out online form for taiser town, I can view your private details. The portal is not secure. Copy paste this link and everytime your refresh your browser u will see complete details of diferent people https://t.co/Qyfk7FqcNs #taisertown #malirdevelopmentauthority pic.twitter.com/29o4DA2PDn
— Monis Usman (@bluedejavu85) March 7, 2019
This glitch was not removed by the time this article was published. This means the personal information of candidates filling out forms online can be accessed by anyone who accesses the portal after them. This includes their name, father or husband’s name, CNIC number, mobile number, date of birth, email address, and current as well as permanent home address. This is exactly the information that hackers try to collect through illegal means and sell in the market, which is then used by those who purchase it for scams and frauds.
SAMAA Digital made several attempts to contact the MDA but the calls could not be connected. As a result, we could not find out how many people have already submitted their applications online, but an officer at Silk Bank said that the MDA estimated that 400,000 applications would be received online and 400,000 at Silk Bank branches.
The number of people who showed up at the bank’s 30 branches across Karachi was much higher than what they were expecting, which means the number of online applicants could have exceeded 400,000.