10 months ago
Teenager Bill Demirkapi who was a speaker at the DEF CON hacker conference in Las Vegas revealed an educational software developer Blackboard that was ghosting him. As told by Mashable, Demirkapi had been in contact with the company and reported multiple vulnerabilities. Eventually, after being in communication with Demirkapi, the company stopped answering his emails. The Typical Student team learned why student claims he's been ghosted.
Everything from students' immunization history, to attendance data, was available online
Through Blackboard's system vulnerabilities, Demirkapi discovered there was a possibility to access a host of student data (family military status, weighted GPAs, and special education status). Still, Blackboard wasn't his only target. Being a keen security researcher, he also warned Follett, K-through-12 software maker. According to Demikapari, the company exposed millions of student and teacher records to literally anyone.
All the vulnerabilities were patched
Given there are over 5 million student and teacher records in the system covering more than 5,000 schools, this exposure is scary. Everything from students' immunization history, to attendance data, from school photos, was available online.
As Demikapari tried to notify both his high school and the software manufacturers, he got a two-day suspension. In the end, the companies listened and most of the vulnerabilities were patched by the end of July.
Keep up with the Typical Student daily email