Code.org Hacked, Emails and Locations Data of Volunteers Compromised
An anonymous reader, allegedly quoting an email from Code.org, claims that the database of the non-profit organization has been breached:

"Some personal data was accessed on our web site by a firm exploiting a client-side vulnerability. Your email address and your location, if you provided it, were compromised and may have been read. The exploit was limited to engineers and others who volunteered to help in classrooms. No student or teacher accounts were impacted, nor passwords or additional information. The exploit did not give hackers access to any of our servers. Earlier this week, a volunteer engineer told us he received an unsolicited recruiting email from a technical freelancing firm in Singapore. We determined the firm was able to retrieve the volunteer's private email address by exploiting a client-side vulnerability on our volunteer map. We've since had 6 similar cases reported. We've fixed the problem, and all private data was secured against future attacks late Friday. We also inspected and secured the rest of our site from similar vulnerabilities."

Code.org has confirmed to Slashdot that it has indeed suffered a breach. The non-profit separately wrote in a blog post that a Singapore-based recruiting firm had exploited a vulnerability on its website to send emails to Code.org members. The following is an email sent by the recruiting firm to Hadi Partovi, CEO of Code.org:

"Sorry about this... our intention was we thought it'd be good to get them more opportunities to improve their own Computer Science skills beyond the opportunities available in their geographical boundaries / location. We've told our team to stop this with immediate effect. No one should be receiving anymore e-mails from us from this point onwards. You have my word that we will delete their email addresses from our mailing lists. They should not receive anymore emails from us."
Re: (Score:1)
Unlike many programming languages, Rust never sleeps. I think someone proposed a sleep() function but he was given a Torvalds-style tongue lashing on the mailing list.
Bear in mind that there's more to the picture than meets the eye.
(But what does that have to do with Country Life butter [youtube.com]?)
Re: (Score:2)
It just makes me wonder if the "client-side vulnerability" was something super tricky like "View Page Source"...
Real World (Score:1)
Maybe this could be one of the assignments to solve.
Oh wait, that would actually be complex and require actual thinking skills instead of copying hell world examples and calling yourself a "coder"
Re: (Score:2, Funny)
Whenever I try to code hell world, my code crashes and burns :(.
put it on the internet (Score:2)
Re: (Score:2)
Negligence? Privacy violations.
Just click on the link (Score:4)
One Weird Trick to Hack Any Web Site (Score:3, Interesting)
This wasn’t a case of hackers breaching our security systems, rather it was our mistake of leaving volunteer email addresses accessible via the web browser.
In other words, someone used the "View Source" command?
Name the spammer (Score:3)
Can anyone here identify the spamming company? It's difficult to judge the validity of the recruiter's apology if we don't know who it was.
Couldn't happen to a more irrelevant bunch (Score:3)
Code.org, code.org... oh yeah, isn't that the wankfest that taught Obama how to write an if...then statement? The guys who want us to get new top hats even though our coat tails are on fire? Education is already totally boned and they want kids who can't read or write to learn how to code. They can't secure their site? I am Jack's total lack of surprise.