The St. Louis Post-Dispatch newspaper recently found a huge security blunder: The Missouri educational agency’s site was displaying 100,000+ clearly visible Social-Security numbers for school teachers, administrators and counselors in its HTML source code.
The newspaper verified its findings with a cybersecurity professor and then informed the agency responsible for the leaking site – the Department of Elementary and Secondary Education (DESE) – on Tuesday. On the same day, the DESE took down the affected pages. Then, on Wednesday, having waited to disclose the vulnerability until after the pages came down, the outlet published its story.
Read more…
Source: ThreatPost