Cyber Attack | Data Breach

Published on March 16th, 2016 📆 | 4229 Views ⚑


Flaw In The Exposes Volunteer Email Addresses is an organization where students learn computer science. This weekend on their website they found a flaw by which unauthorized parties can easily get access to the email addresses of its volunteers.

On Friday, they came to know about this flaw, because many of their volunteers received an unwanted job email messages. All the job messages were for the Singapore-based recruiting firm that had leveraged the “error” to obtain private email addresses.
The recruiting company apologized to and promised them that they delete all the collected email addresses. They also ensure to stop sending messages to the addresses it obtained by exploiting the bug.
CEO of (Hadi Partovi) wrote in his blog post that
[adsense size='1']

“Based on [the recruiting firm’s] response, it’s possible the vulnerability may have had limited impact, but we can’t be sure, Regardless, we’ve also inspected and secured the rest of our site from similar vulnerabilities. The vulnerability was quickly patched and Partovi pointed out that this was not a data breach, rather a mistake on their part that left volunteer email addresses accessible via the web browser.”

According to the CEO, neither the details of their 10 million teachers and students were revealed, nor the servers are vulnerable and those students who are under the age of 13, their email addresses were also not stored by the organization. The client-side vulnerability was the major reason behind this incident, and the email revealed the location data.
Partovi ensures to the users that this kind of incident will never happen in the future.

Source: TheRegister

Comments are closed.