When it comes to security, not everyone is up to date on the practices needed to keep their online activity safe, so many of us rely on third parties to keep our data safe and sound. One such website, Code.org, known for encouraging people to learn computer science and its basics by registering on the site, was recently breached.
The website has officially confirmed that it recently suffered a security breach. Detailing the attack, it reported that despite all the security measures it had taken to ensure the confidentiality of its data, a firm based in Singapore was still able to access some personal data by way of a client-side vulnerability. As a result of the intrusion, the email addresses of 12,000+ volunteers, along with some location data, were compromised.
Code.org stated in its official blog post that the breach has not affected everyone, only those engineers and other users who volunteered to take part in classroom teaching. It further clarified that none of its remaining 10 million student and teacher accounts were compromised. To let users know of the attack, the website started showing pop-ups to the users whose email address or location data was compromised. The notification was genuine: it directed users to the official blog post written by Hadi Partovi, CEO of Code.org, to warn the affected users.
The company wrote in its blog post: "The first case that got reported to us was by an engineer that informed us of getting an unsolicited recruiting email from a technical freelancing firm based in Singapore by getting access to the volunteer's private email ID thereby exploiting the client-side vulnerability on our volunteer map and ever since we have received approximately six similar cases." To contain the breach, the company fixed the vulnerability and confirmed that 'all private data is now fully secured against future attacks'. It has also fixed other minor flaws that it found during its inspection.
To explain its side of the situation, the Singapore firm also reached out to Partovi in an email that read, "Sorry about this.... our intention was we thought it'd be good to get them more opportunities to improve their own Computer Science skills beyond the opportunities available in their geographical boundaries / location. We've told our team to stop this with immediate effect. No one should be receiving any more emails from us from this point onwards. You have my word that we will delete their email addresses from our mailing lists. They should not receive any more emails from us." According to the latest reports, the Singapore-based firm has given assurances that it will remove all the email addresses from its database.