Missouri Governor Mike Parson announced that a person had stolen Social Security numbers after “deciphering the HTML source code”. However, a local media publication denies this claim, saying the person was their own reporter who warned Parson’s administration of the vulnerability and had it fixed before reporting on it. The word “SSNs” started to become trending after Parson’s announcement on Twitter, as people pointed out that if the social security numbers were in the source code, it meant they were visible simply by pressing F12.
In a series of tweets after a press conference Pastor announced that one person deciphered the HTML source code and took three teachers’ social security numbers. He said the Cole County Attorney and the Highway Patrol Digital Forensic Unit were investigating the “serious” matter. He described the person as a “hacker”.
He wrote on Twitter in a series of tweets:
“SSNs” started to be on trend on Twitter when people pointed out that they believed the real problem was keeping social security numbers visible in the HTML source code. They pointed out that viewing HTML source code is a simple affair, often just pressing F12.
Here is another example of a response from someone with an F12 reference.
One person wrote, “If there were social security numbers in the HTML of a website, the wrongdoing here isn’t with the person who discovered it.”
Another person replied, “That is literally plain text.”
One person wrote, “’The HTML decoded’ is a strange way of saying that I opened the webpage after we made it public.
Josh Renaud of St. Louis Post-Dispatch reported that the government website had exposed and compromised the social security numbers of school teachers, administrators and counselors in Missouri.
The report found that the Post-Dispatch was the one who discovered the vulnerability and allowed the government to fix the problem before reporting on it. More than 100,000 social security numbers were revealed. They reported that the numbers were not clearly visible, but were easy to find by simply reading the HTML source code on the websites in question.
Shaji Khan, professor of cybersecurity at the University of Missouri-St. Louis told Post-Dispatch that this was an important issue.
Khan said: “The fact that this type of vulnerability is still present in the DESE web application is mind-boggling!”
The Post-Dispatch reported that the state Department of Elementary and Secondary Education (DESE) later blamed the Post-Dispatch for the problem. Education Commissioner Margie Vandeven wrote in a letter to the teachers: “One person has taken the records of at least three educators, decrypted the source code from the website and looked at the social security number (SSN) of those particular educators.”
However, the Post-Dispatch denied this characterization and found that they only confirmed the vulnerability with three educators before warning the department about the vulnerability. The DESE press release referred to the person as a hacker, but that person was actually a reporter who discovered the vulnerability and then warned the government about it, the Post-Dispatch reported.
Post-dispatch attorney Joseph Martineau said:
The Post-Dispatch later reported that Parson said the news agency itself was being held responsible. The Post-Dispatch reported that Parson said the person who told DESE about the mistake was “trying to embarrass the state and sell headlines for their news agency.”
Khan informed the Post-Dispatch that the confidential information was encrypted by not encrypting it.
CONTINUE READING: Hallmarks Christmas film lineup 2021