Security flaw identified
Security flaw identified
Editor: A serious security flaw was recently identified in how the ATO’s online services connect with myGov. Apparently it had something to do with ‘cookies’ in electronic ATO documents that did not expire, meaning the next user of that device who logged into myGov and clicked on a link to ato.gov.au saw the previous user’s records.
The ATO has since confirmed that they have fixed this issue. . . on their Facebook page!:
“Further to recent media coverage, we’d like to reassure the community that we have resolved the issue relating to our online services that was uncovered earlier in the week,
“We appreciate the community alerting us when issues arise. We investigate all reports and tak appropriate action to keep our systems safe and efficient.
“We have implemented a fic to ensure that circumstances covered by the user do not allow this issue to reoccur. We continue to investigate to ensure no other errors are occurring.
“We’d like to remind clients that they should always “logout”, “signout” or “return to myGov” when leaving any secure pages.
“We also encourage the community to report any concerns with our online systems. People can ring 13 28 61 option 5, available 8.00am to 8.00pm, Monday to Friday and 10.00am to 4.00pm. Saturday.”
Ref: https://www.facebook.com/atogovau/posts/1013921668628479
NTAA, ‘The Tax advisers’ Voice’ Edition No.254
Comments are closed.