Wow, I can't believe it was as easy to discover as "I copied the link you shared and I could edit the results" and yet the ballot company still tried to say it was legit
Southwest Airlines Flight Attendants Forced to Rerun Contract Vote After Crew Discovered Ballot System Was Vulnerable to Fraud (unsecured database web front-end)
Submitted 11 months ago by Pxtl@lemmy.ca to technology@lemmy.world
Comments
swicano@kbin.social 11 months ago
maynarkh@feddit.nl 11 months ago
During a live video stream of the ballot result, a representative of TrueBallot shared their screen, which displayed an internet URL in the address bar of their web browser. A flight attendant watching the stream copied the URL into their own computer and discovered that the link took them to an unsecured database of the vote.
The flight attendant was able to view the name of everyone who had voted and what ballot they had cast, alongside their email address. The database could even be edited, and ballots could be added and deleted.
TrueBallot had literally one job there. It’s not even that hard to provide a secure balloting system for 10k people.
highenergyphysics@lemmy.world 11 months ago
Also the revelation that there was verifiable foul play. Union members who had not cast their vote logged in to find someone had voted for them.
Fucking corporate scum.
Keep taking away avenues of change, I can’t wait to savor the shock in the suits eyes once the final option is used.