Human error behind ActiveSG app glitch: Sport Singapore

A screenshot of the ActiveSG app. A glitch had led to 108 members' information being accessible to 84 other members on Friday. The problem was fixed within two hours, said Sport Singapore.
A screenshot of the ActiveSG app. A glitch had led to 108 members' information being accessible to 84 other members on Friday. The problem was fixed within two hours, said Sport Singapore.

National agency Sport Singapore (SportSG) yesterday apologised for a software glitch on its ActiveSG app that caused the information of 108 members to be accessible to 84 other members on Friday.

SportSG said it received feedback from 28 affected users on Friday, and the problem was rectified within two hours. SportSG noted: "Our investigations revealed that it was human error on the part of the app vendor that led to this incident. We are working with our vendor to tighten their protocols.

"We have since contacted all our members who were affected to apologise. We assured them that none of their accounts had been disrupted and remedial actions had been taken to protect their personal information."

Due to the glitch, a parent accessing his child's supplementary account via the parent's ActiveSG app was able to view a stranger's registration details, such as name, date of birth, mobile number, e-mail and home addresses, although no financial information could be accessed.

Also, in six cases, the glitch meant that adult individuals were able to enter ActiveSG swimming pools at discounted rates reserved for children and seniors.

These have since been corrected, said SportSG.

The ActiveSG app was launched in 2014 in line with the national movement for sport. Members can use the app to pay for programmes and access to facilities such as public gyms and swimming pools.


A screenshot of the ActiveSG app. A glitch had led to 108 members' information being accessible to 84
other members on Friday. The problem was fixed within two hours, said Sport Singapore.

All Singaporeans and permanent residents are eligible, but have to activate their membership to enjoy perks such as discounts and exclusives. There are currently 1.6 million ActiveSG members here.

WORKING WITH VENDOR

Our investigations revealed that it was human error on the part of the app vendor that led to this incident. We are working with our vendor to tighten their protocols. We have since contacted all our members who were affected to apologise. We assured them that none of their accounts had been disrupted and remedial actions had been taken to protect their personal information.

SPORTSG, in its statement apologising to ActiveSG members whose information became accessible to other members.

This incident follows two recent incidents where personal data was compromised.

In July last year, hackers infiltrated SingHealth's computers, and stole the personal particulars of 1.5 million people, including Prime Minister Lee Hsien Loong.

In January, the Ministry of Health revealed that the details of 14,200 people with the human immunodeficiency virus (HIV) were leaked after American Mikhy Farrera Brochez illegally accessed the HIV Registry.

A version of this article appeared in the print edition of The Sunday Times on March 03, 2019, with the headline 'Human error behind ActiveSG app glitch: Sport Singapore'. Print Edition | Subscribe