A high school senior in Lexington, Massachusetts discovered two vulnerabilities in software used by his school that could have affected the data of around 5 million students.
Billi Demirkapi is a teen hacker who developed a penchant for hacking in his freshman year and subsequently uncovered serious security flaws in two education programs, Aspen and Blackboard.
Reportedly, the probable consequences of these vulnerabilities would have been more disastrous than those the San Diego Unified School District faced after the massive data breach that put at risk the data of more than 500,000 students along with the staff of the school.
The information that could have been exposed via the Aspen vulnerability includes details of bus routes, birthplaces, special education status, number of reduced or free lunches and suspensions.
An attacker could have exploited it to gain access to the data on the website by entering their own script, because the Aspen website lacked the filters that other websites usually contain in order to reject such requests.
According to statements given by both companies, no one has exploited the security flaws besides Billi, who only accessed information about himself and about a friend whose consent he obtained before doing so.
While sharing his experience, Demirkapi said, “These companies say they're secure, that they do audits, but don't take the necessary steps to protect themselves from threats.”