(Update1) The Palm Beach County School District suffers massive pwd breach after second grader hacks them
See an important update after the original post.
From the no-one-could-have-possibly-foreseen-kids-figuring-out-default-password-conventions dept., Andrew Colton reports:
The Palm Beach County School District is in the midst of a massive computer security crisis that draws into question the authenticity of every assignment completed by every student since “distance learning” began, after BocaNewsNow.com learned that an elementary school student hacked the school district’s password system.
We are not revealing the password convention that is used in the school district, but the second grader’s — you are reading that correctly, the second grader’s — hacking resulted in an emergency login change for “live” morning meetings in several elementary schools last week. It did not result — yet — in a district-wide reassignment of student passwords for the School District’s “Portal” which provides access to Google Classroom.
Read more on Boca News Now.
Update: It seems that the school district was less than thrilled with Boca News Now making their situation public. The paper issued a second story claiming that they received a thinly veiled threat from the district. It is not clear from their reporting, though, what they are being threatened with or what they reportedly did wrong. Is the district accusing them of encouraging a student to violate the student code of conduct because they prudently made sure to verify claims of a vulnerability before reporting on it?
What did the news outlet do wrong? Nothing that I can see.
What did the district do wrong? Let me count the ways, but for now, let’s just add poor incident response to the list.