HITBSecConf2017 Amsterdam (April 10th - 14th)
Register Online Now!
Code.org Hacked, Emails and Locations Data of Volunteers Compromised 33
An anonymous reader allegedly quoting an email from Code.org, claims that the database of the non-profit organization has been breached:
Some personal data was accessed on our web site by a firm exploiting a client-side vulnerability. Your email address and your location, if you provided it, were compromised and may have been read. The exploit was limited to engineers and others who volunteered to help in classrooms. No student or teacher accounts were impacted, nor passwords or additional information. The exploit did not give hackers access to any of our servers. Earlier this week, a volunteer engineer told us he received an unsolicited recruiting email from a technical freelancing firm in Singapore. We determined the firm was able to retrieve the volunteer's private email address by exploiting a client-side vulnerability on our volunteer map. We've since had 6 similar cases reported. We've fixed the problem, and all private data was secured against future attacks late Friday. We also inspected and secured the rest of our site from similar vulnerabilities.
Code.org has confirmed to Slashdot that it has indeed suffered a breach.