Security News > 2021 > October > Missouri Vows to Prosecute ‘Hacker’ Who Informed State About Data Leak
The St. Louis Post-Dispatch newspaper recently found a huge security blunder: The Missouri educational agency's site was displaying 100,000+ clearly visible Social-Security numbers for school teachers, administrators and counselors in its HTML source code.
Through a multi-step process, an individual took the records of at least three educators, decoded the HTML source code, and viewed the SSN of those specific educators.
"Through a multistep process," Parson gravely said, "An individual took the records of at least three educators, decoded the HTML source code and viewed the Social-Security numbers of those specific educators."
The Post-Dispatch reported that it had found the Social-Security numbers in the HTML source code of the website's pages, exposed due to a vulnerability in a web app that allowed the public to search teacher certifications and credentials.
Every major browser allows you to view HTML source code of any web page by using the browser's developer tools.
In 2019, data scientist David Stier reported that for months, the source code for Instagram's website was showing some user profiles that displayed phone numbers and emails: data that wasn't available on public-facing pages.
News URL
https://threatpost.com/missouri-prosecute-hacker-data-leak/175501/
Related news
- NTT boss takes early retirement to atone for data leak (source)
- GhostRace – New Data Leak Vulnerability Affects Modern CPUs (source)
- Shopping platform PandaBuy data leak impacts 1.3 million users (source)
- Week in review: 73M customers affected by AT&T data leak, errors led to US govt inboxes compromise (source)
- Home Depot confirms worker data leak after miscreant dumps info online (source)
- Hacker claims Giant Tiger data breach, leaks 2.8M records online (source)
- Cerebral to pay $7 million settlement in Facebook pixel data leak case (source)
- UnitedHealth confirms it paid ransomware gang to stop data leak (source)