Teen Hacker Discovers Educational Software Vulnerabilities That Got Millions of Student Records Exposed

2 years ago



Teenager Bill Demirkapi, a speaker at the DEF CON hacker conference in Las Vegas, revealed that educational software developer Blackboard had been ghosting him. As told by Mashable, Demirkapi had been in contact with the company and reported multiple vulnerabilities. Eventually, after being in communication with Demirkapi, the company stopped answering his emails. The Typical Student team learned why the student claims he's been ghosted.


Everything from students' immunization history to attendance data was available online




Through vulnerabilities in Blackboard's system, Demirkapi discovered it was possible to access a host of student data (family military status, weighted GPAs, and special education status). Still, Blackboard wasn't his only target. Being a keen security researcher, he also warned Follett, a K-through-12 software maker. According to Demirkapi, the company exposed millions of student and teacher records to literally anyone.


All the vulnerabilities were patched




Given there are over 5 million student and teacher records in the system covering more than 5,000 schools, this exposure is scary. Everything from students' immunization history to attendance data to school photos was available online.

When Demirkapi tried to notify both his high school and the software manufacturers, he got a two-day suspension. In the end, the companies listened and most of the vulnerabilities were patched by the end of July.

