NDP organisers say no data leak on ticketing site, but do not say if there's a security flaw

SINGAPORE - The Internet is abuzz with criticism of the National Day Parade (NDP) website over an apparent security flaw that could potentially allow hackers to steal data entered on the site. But the NDP Executive Committee has said that no personal information has been leaked, without confirming or denying the flaw.

In a statement late Tuesday night in response to media queries, executive committee chairman of ticketing Lieutenant-Colonel Jason See said: "We have reviewed our IT security infrastructure and would like to reassure Singaporeans that no personal information had been compromised. Nevertheless, the level of security can be further enhanced, and we will do so."

Singaporeans can still apply for tickets during the upgrading of the NDP website. They can also apply on AXS and SAM machines, and via SMS. Applications close on May 25.

Blogger Zit Seng first highlighted the flaw in a blog post on Monday. The post has gained wide attention, with netizens criticising the apparent lack of security.

According to the blog post, an NDP sub-site that takes citizens' e-balloting submission for NDP tickets does not use encryption technologies such as Secure Sockets Layer (SSL) to secure its web links. Encryption is the process of encoding information so only authorised parties can read it.

This is even though the site, up since Saturday, asks for personal information such as name, and identity card and phone numbers.

Join ST's WhatsApp Channel and get the latest news and must-reads.