Internet vulnerabilities are rampant. The extent of the dangers in the digital space is often overlooked as more people and organizations get connected to the digital world daily. Sometimes, this ignorance wreaks havoc. There are very few organizations that believe in facilitating a secure digital space. GDI Foundation is one of them.

GDI is a non-profit organization based in The Hague, Netherlands. What differentiates GDI is that it has volunteers all around the world. In the past three years since the day GDI was founded in 2016, GDI has reported thousands of vulnerabilities. GDI believes in providing its services all over the world and helping people secure their digital information. From Project 365 till date, GDI has received several recognitions. Some of the recent notable GDI disclosures include:

  • Facebook Disclosure: https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/

  • China Breed Ready Disclosure: https://www.theguardian.com/world/2019/mar/11/china-database-lists-breedready-status-of-18-million-women

An Internet Security Threat Report released by Symantec in February 2019 announced some startling details, such as:

  • 1 in 10 URLs are malicious;
  • A 56% increase in Web attacks;
  • A 78% increase in supply chain attacks (cyber-attacks that seek to damage an organization by targeting less-secure elements in the supply network); and
  • A 25% increase in the number of attack groups using destructive malware.

As the threat of attack groups continues to increase, companies have to remain vigilant to ensure that they don’t succumb to any attacks. Fortunately, the internet community has vigilantes such as GDI who are always on the lookout to safeguard its interests. Under GDI’s approach to an open and democratic digital world, its members are allowed to make decisions, act responsibly and help companies to patch vulnerabilities. Essentially, GDI detects and analyses high-risk “criminal” opportunities, shares the risks and vulnerabilities with everybody, informs those who are at risk and gives free advice about a solution.

GDI researcher Sanyam reached out to the ParentTown (PT) team early this month to notify us about an exposed port issue. PT is Southeast Asia’s largest parenting community that reaches more than 25 million users monthly. The platform facilitates services such as asking questions and receiving answers from doctors and fellow parents. There’s even an option to go anonymous or tag your post as NSFW. Among other features is a pregnancy tracker, which tracks a pregnancy daily all the way to the birth of the baby. PT also offers access to hundreds of original baby and child audio, video and storybooks.

With the prompt response of our IT team, the port was sealed before any information was exposed in the public domain. Additionally, PT has done a thorough check on its entire IT infrastructure to ensure that there are no other vulnerabilities in place and hired a reputable company to carry out infrastructure penetration tests.

“We would like to thank Sanyam and the GDI team for the work they have done to make the Internet a safer place and greatly appreciate their notification. Even though we keep our systems updated and secured, this serves as a good reminder that we need to constantly be on the ball for the best interests of our users,” said Alvin De Cruz, Head of Engineering, PT.

On this incident, Victor Gevers, Chairman of GDI, commented, “There are easily more than 36 million internet vulnerabilities at the present moment and such issues are present in all companies. With ParentTown’s swift response following our notification, user information has been protected and secured. We hope to assist more companies in preventing attack groups from exploiting vulnerabilities and preying on the internet community.”

As told by Sanyam, a GDI member and an independent researcher, the current initiative is to involve more volunteers from all around the world to help researchers in disclosing vulnerabilities, in turn providing volunteers a platform to receive global recognition for their work. The criteria to join GDI are simply one’s skill and passion.