Whakapapa ski resort has rejected claims its website is insecure.
It follows a "white hat hacker" saying he was able to access credit card numbers and other security details on the website.
Philip Jepsen, a business analyst/ developer, says he applied for a season ski pass on the site using his credit card. Out of interest, he says, he “scanned the website using a well-known security auditing tool” and found “vulnerabilities including an open SQL Server port”.
SQL Server, he says uses "sa" as the system administration user name; armed with that, he claims he was able to view the resort operator's “entire database including customer details , credit card numbers, etc”. Jepsen says he notified the site operator to advise it to secure its server.
However, the webmaster for Compass Networks, Whakapapa's ISP and hosting company, Karin Hussonal, doubts security is a problem at the site. He says there is no evidence of a security break-in. He won’t say if the company will be upgrading the site’s security. “We don’t want to pass much comment; you tend to provoke people to hack in if you do that.
“We believe the site is safe. We don’t have any evidence that this guy did what he said he did. We have looked through logs and we cannot see that any security breach has taken place. We are confident that the site is as secure as it can be,” he says.