Security News > 2021 > October > Missouri Vows to Prosecute ‘Hacker’ Who Informed State About Data Leak

Missouri Vows to Prosecute ‘Hacker’ Who Informed State About Data Leak
2021-10-15 17:44

The St. Louis Post-Dispatch newspaper recently found a huge security blunder: The Missouri educational agency's site was displaying 100,000+ clearly visible Social-Security numbers for school teachers, administrators and counselors in its HTML source code.

Through a multi-step process, an individual took the records of at least three educators, decoded the HTML source code, and viewed the SSN of those specific educators.

"Through a multistep process," Parson gravely said, "An individual took the records of at least three educators, decoded the HTML source code and viewed the Social-Security numbers of those specific educators."

The Post-Dispatch reported that it had found the Social-Security numbers in the HTML source code of the website's pages, exposed due to a vulnerability in a web app that allowed the public to search teacher certifications and credentials.

Every major browser allows you to view HTML source code of any web page by using the browser's developer tools.

In 2019, data scientist David Stier reported that for months, the source code for Instagram's website was showing some user profiles that displayed phone numbers and emails: data that wasn't available on public-facing pages.


News URL

https://threatpost.com/missouri-prosecute-hacker-data-leak/175501/