An error on the website of Code.org, a not-for-profit aimed at teaching school students how to code, has exposed the email addresses of its volunteers.
The organisation’s chief executive, Hadi Partovi, said an error, rather than a malicious attack, had exposed the email addresses.
“This wasn’t a case of hackers breaching our security systems, rather it was our mistake of leaving volunteer email addresses accessible via the web browser,” he said in a blog post.
“None of our servers were ever vulnerable, nor were our 10 million student/teacher accounts or passwords or other information ever vulnerable.”
The organisation was alerted to the error after around 10 of its volunteers received unsolicited ‘job offer’ emails from a technical recruiting company in Singapore.
While the impact of the error appears negligible, Partovi said the company has taken precautions to bolster security and data protection on its site.
“It’s possible the vulnerability may have had limited impact, but we can’t be sure. Regardless, we’ve also inspected and secured the rest of our site from similar vulnerabilities,” he said.
The situation may be one of the lesser vulnerabilities to be uncovered in recent months, but it highlights that companies and their IT staff need to be increasingly aware of how they handle data protection.
Technical problems aside, companies also need to be aware of the problems posed by disgruntled or devious employees who may look to make use of the data they have access to in ways that leave the company in question in a difficult position.
Ofcom recently faced this situation when it was forced to admit that a former employee attempted to pass on confidential data.
IBM software case reminiscent of TSMC trade secrets theft claim
iPhone 8 specs, release date, price, features, basically everything! But will it have a curved display?
CISO pay boom as security become a boardroom concern