Password Reset Exposes Everyone’s Account

Written by M.Rosenquist, 9 months ago

Ever wonder what kinds of things happen when well-intentioned people try to manage cybersecurity? Well, in this case, a high school in Illinois responded to a system error by resetting every student’s password and then communicating it to all the parents. But instead of creating a unique password for each student, they decided the most efficient path would be to change everyone’s password to “Ch@ngeme!”.

Chaos ensued, as students were then able to access any other student’s files, school emails, papers, and assignments. It exposed every student’s account to being hacked!

It was likely an honest mistake, rooted in naivete, but it is obvious that a cybersecurity professional was not part of this decision tree. It took a day after parents complained for action to follow, and unique passwords will be issued, but the damage may already be done.
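For contrast with the shared “Ch@ngeme!” reset, here is a sketch of a mass reset that issues a unique temporary password per account. It is an added example, not code from the school or the author; the account names, the 72-hour lifetime, the scrypt parameters and the record layout are all assumptions.

```python
import hashlib
import secrets
import string
from datetime import datetime, timedelta, timezone

# Constructed sample accounts (not from the incident).
STUDENTS = ["student001", "student002", "student003", "student004"]

ALPHABET = string.ascii_letters + string.digits  # ~5.95 bits per character
TEMP_LENGTH = 16                                  # ~95 bits of entropy
TEMP_LIFETIME = timedelta(hours=72)               # assumed policy value


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a storage hash with scrypt so the plaintext is never stored."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def bulk_reset(usernames, now=None):
    """Return (directory_records, delivery) for a mass reset.

    directory_records: what the account store keeps (salt, hash, flags).
    delivery: username -> one-time plaintext, to be sent only to that
              account's own contact, never as one broadcast message.
    """
    now = now or datetime.now(timezone.utc)
    records, delivery = {}, {}
    for user in usernames:
        temp = "".join(secrets.choice(ALPHABET) for _ in range(TEMP_LENGTH))
        salt = secrets.token_bytes(16)
        records[user] = {
            "salt": salt,
            "hash": hash_password(temp, salt),
            "must_change": True,             # force a new password at first login
            "expires": now + TEMP_LIFETIME,  # unused temp passwords stop working
        }
        delivery[user] = temp
    return records, delivery


def verify(records, user, candidate, now=None):
    """Check a login attempt against one account's temporary credential."""
    now = now or datetime.now(timezone.utc)
    rec = records.get(user)
    if rec is None or now > rec["expires"]:
        return False
    return secrets.compare_digest(hash_password(candidate, rec["salt"]), rec["hash"])
```

Because each account gets its own random value, knowing one student's temporary password says nothing about any other account, and the forced change plus expiry limit how long an undelivered or intercepted value stays useful.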

Whether you are a top-tier critical infrastructure organization, a rural high school system, or a small-to-medium business, be sure to have cybersecurity professionals available when issues of access, security, privacy, or safety are involved.

File this incident under “that is not the way it is supposed to work”!


Comments

It is a funny way of resetting the passwords of all students' accounts in one go! The school's system administrator should be rewarded (punished). If the person is the principal's favorite, it is a different issue!

9 months ago

I wonder why they came up with system-wide password reset as a solution in the first place.

9 months ago