The Oklahoma Department of Corrections has let the private information of nearly 11,000 people leak out to the public. The information comes from a federally mandated registry of sex offenders in the state.
A smart hacker was able to use a database exploit in the Sexual and Violent Offender Registry to get names, addresses, races, social security numbers, and more personal information from the registry. Typing certain information into a browser URL would pull this data from the database and make it available for download.
This hacker did what any good hacker would do. Before going public, he wrote a message to the people who programmed the site. The person he contacted was appreciative that he had pointed out the flaw and would then pass this information on to the developers.
The day after the phone call was made, the site was taken down for “routine maintenance”. It looked as if the flaw was fixed…except the “printer friendly page” still was not fixed. After another e-mail to the person in charge of the developers, the site again went under “routine maintenance” and the flaws were fixed.
Say what you will about the people on this registry, no one should have their personal information up on a web page that can easily be viewed. In this case, by changing the URL anyone could have viewed this data. I would also like to add that the “hacker” featured in this article would not be the type of person getting into the IRS database or stealing your identity. That type of person is called a thief.