Forbes '30 Under 30' Conference Website Exposed Attendees' Personal Information (vice.com) 12
An anonymous reader shares a Motherboard report: Every year, Forbes' 30 Under 30 list recognizes people blessed with both youth and exceptional talent in their field -- including celebrities, startup founders, doctors, and artists. These are smart, savvy professionals -- and when some of them include information security pros, they're bound to go poking around for vulnerabilities. That's what Yan Zhu, a privacy engineer who made the 2015 list, was doing when she found a gaping privacy hole in the way Forbes handles recipients' personal information. Once you make the list, Yan told me in a Twitter direct message, Forbes asks you to register for its annual Under 30 Summit conference. "They send you a link for conference registration, but it's not tied to your email address," she said. "So you can literally enter anyone's email address who is also a 30 Under 30 member and it shows you their personal info." That information carries over into all future years, she said.
"That information carries over into all future (Score:2)
years". What does that mean?
Re: "That information carries over into all future (Score:4, Insightful)
Presumably every year that the researcher has tested the link subsequent to being initially recognized, such as years 2016, and 2017, the researcher has confirmed that the vulnerability still persists.
Welp ... (Score:2)
(Maybe "30 under 30" meant how much personal info would be exposed in how many minutes.)
Re: (Score:2)
Privacy engineer at least indicates a focus.
Software engineer, programmer, and coder are used ambiguously or interchangeably so often that the distinction is meaningless.
what's the big deal? (Score:2)
Re: (Score:1)