Norwegian Government Site Crashes, Logs Everyone In As Kenneth
Site users got access to real Kenneth’s financial details in one of the weirdest data breaches ever
They were then able to see Kenneth’s financial information, as well as data about his wife and the company he was working for.
Attack of the Kenneths
This year, it was worse. The tax results were published at around 6AM local time on Tuesday. By 9AM, over 200,000 people had tried to log on, and as a result, the server crashed.
From then on, things got progressively weirder. At noon, the traffic became stable and servers returned online. But by 6PM local time, every single user who tried to log in went right past the login screen, and found themselves logged in as Kenneth, a 36-year-old man from Oslo.
Users then had access to all financial data of this unlucky fellow, dating back over two years. The financial information of his wife and the company he worked for was also exposed. Altinn shut down some 15 minutes later, and remained offline ever since.
It is not known how many people got access to this information, or if any data was copied or downloaded. According to Jørgen Ferkinstad, communications director for Altinn, the episode happened because the real Kenneth had logged in and his information got stored in the server’s cache memory.
The real Kenneth has contacted his lawyer, but refused to give any statement.
How well do you know Internet security? Try our quiz and find out!