Norwegian Government Site Crashes, Logs Everyone In As Kenneth

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Follow on: Google +

Site users got access to real Kenneth’s financial details in one of the weirdest data breaches ever

Norwegian government website Altinn has logged thousands of people into the account of one unlucky man named Kenneth, reports Icrontic.

They were then able to see Kenneth’s financial information, as well as data about his wife and the company he was working for.

Attack of the Kenneths

Altinn is a website run by the Norwegian government, on which citizens fill out important forms. Every year the server has crashed due to high traffic from people who want to check their taxes.

This year, it was worse. The tax results were published at around 6AM local time on Tuesday. By 9AM, over 200,000 people had tried to log on, and as a result, the server crashed.

From then on, things got progressively weirder. At noon, the traffic became stable and servers returned online. But by 6PM local time, every single user who tried to log in went right past the login screen, and found themselves logged in as Kenneth, a 36-year-old man from Oslo.

Users then had access to all financial data of this unlucky fellow, dating back over two years. The financial information of his wife and the company he worked for was also exposed. Altinn shut down some 15 minutes later, and remained offline ever since.

It is not known how many people got access to this information, or if any data was copied or downloaded. According to Jørgen Ferkinstad, communications director for Altinn, the episode happened because the real Kenneth had logged in and his information got stored in the server’s cache memory.

The real Kenneth has contacted his lawyer, but refused to give any statement.

How well do you know Internet security? Try our quiz and find out!