Dublin Bus has corrected an error on its travel app after users complained that it had displayed pornography.
The service runs a real time travel app which allows commuters to check when a bus is due. The application has had more than one million downloads on the Android app store.
It emerged this week that pornography appeared on the app, on both Android and Apple devices, if a user clicked on the newsletter segment.
Multiple images and videos of naked women and people in sexual positions could be seen on the newsletter section of the app and the website, along with text in what appeared to be Japanese.
A spokeswoman for Dublin Bus said it was “aware of an isolated issue with a section of our app and website which occurred last night”.
Advertisement
She added: “An investigation has taken place and the cause has been identified and resolved. Further work has taken place to mitigate against the risk of a reoccurrence.”
George O’Dowd, managing director at Novi, a cybersecurity firm, said the incident was likely a prank.
“In this case it looks like someone was doing a prank or proving a point that there was weakness in the software,” he said.
He added: “If you are going to have a public-facing app, you should be behind a web application firewall, that provides an added layer of protection.”
Mr O’Dowd said it was common for apps or websites to have security weaknesses and said the issue was not something that was specific to Dublin Bus.
Advertisement
John Killilea, technical director with Commsec, a cybersecurity consultancy, said it looked like the newsletter section of the app was pulling information from somewhere else, not on the app. “The hackers have spotted this and put something in there and it wasn’t checked. That would be my guess,” he said. He agreed with the assessment that it was likely a prank and not a more serious issue.
Last year, the operators of the Luas said that 3,226 people who signed up to the Luas newsletter may have had their records compromised after its website was hacked. No financial information was compromised. Transdev had to take the site offline after a message appeared on its homepage demanding one Bitcoin, which was worth more than €3,000 at the time.