Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Technology

Forbes '30 Under 30' Conference Website Exposed Attendees' Personal Information (vice.com) 12

An anonymous reader shares a Motherboard report: Every year, Forbes' 30 Under 30 list recognizes people blessed with both youth and exceptional talent in their field -- including celebrities, startup founders, doctors, and artists. These are smart, savvy professionals -- and when some of them include information security pros, they're bound to go poking around for vulnerabilities. That's what Yan Zhu, a privacy engineer who made the 2015 list, was doing when she found a gaping privacy hole in the way Forbes handles recipients' personal information. Once you make the list, Yan told me in a Twitter direct message, Forbes asks you to register for its annual Under 30 Summit conference. "They send you a link for conference registration, but it's not tied to your email address," she said. "So you can literally enter anyone's email address who is also a 30 Under 30 member and it shows you their personal info." That information carries over into all future years, she said.
This discussion has been archived. No new comments can be posted.

Forbes '30 Under 30' Conference Website Exposed Attendees' Personal Information

Comments Filter:

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...