Mike Parson, Governor of Missouri, United States. Source: HTML
Missouri Governor Mike Parson accused a visitor to the state’s Department of Elementary and Secondary Education (DESE) website of hacking into and accessing the social security numbers of teachers in the United States. United.
Pastor noted an anonymous individual had been reported to the Cole County Procuratorate and the State Highway Patrol’s Digital Forensic Unit, for allegedly “decoding the HTML source code” of the site to display Social Security numbers ( SSN).
Hypertext markup language is used by web browsers to format text and present objects that visitors can view on pages.
Most web browsers allow you to view the HTML source code used to assemble pages through a specific key combination.
Parson denounced the posting of “HTML source code” on Twitter, where other users questioned that such action could be interpreted as hacking.
A Twitter user also pointed out that Parson’s own governor site running the open source Drupal 8 content management system had been configured in debug mode, which in turn appeared to expose sensitive data.
Hey man, I just went through a multi-step process to decode your own website’s HTML source to see that it works in debug mode and exposes the paths to the twig models. pic.twitter.com/iuW2c10iQ1
– Comfortably numb (@YGalanter) October 14, 2021
The governor of Missouri, however, doubled down on his allegations and insisted that the anonymous individual had accessed, converted and decoded the HTML source code.
We want to be clear, this DESE hack was more than just a “right click”.
THE FACTS: An individual accessed the source code and then went further to convert and decode this data to obtain the personal information of teachers in Missouri. (1/3) pic.twitter.com/JKgtIpcibM
– Governor Mike Parson (@GovParsonMO) October 14, 2021
At the time of writing, it is still unclear whether Missouri law enforcement will investigate the HTML source code viewing incident and take action against the person (s) behind it. .
After the data breach was announced, the St. Louis Post-Expedition reported that more than 100,000 SSNs may have been vulnerable in the incident.
Adding a twist to the story, the newspaper said that one of its reporters discovered the vulnerability and confirmed that the nine-digit numbers displayed on the site were indeed SSNs, belonging to three teachers.
While full details of the flaw have yet to be released, it appears anyone can search the DESE site and discover teachers’ SSNs, which could then be used for identity fraud.