【?? ??? ??】Enter to watch online.Teenager finds educational software exposed millions of student records

Teenager Bill Demirkapi had been ghosted. Hard. "It didn’t feel good,?? ??? ??" he explained to the large crowd gathered to hear him speak. "It hurt my feelings.”

But Demirkapi, despite his status as a recent high-school graduate, wasn't lamenting the traditional spurned-love problems typical of his cohort. Far from it. Instead, he was speaking at the famous DEF CON hacker conference in Las Vegas, and the ghoster-in-question was educational software maker Blackboard.

Demirkapi had reported numerous vulnerabilities in Blackboard's software to the company; after initially being in communication with him, the company stopped responding to his emails. But Demirkapi, who found he could access a host of student data — including family military status, weighted GPAs, and special education status — through vulnerabilities in Blackboard's system, was undeterred.

In fact, he was just getting started. And Blackboard wasn't his only target.

Original image has been replaced. Credit: Mashable

Over the course of his high school career, Demirkapi — a budding security researcher — also investigated K-through-12 software maker Follett. In doing so, he determined the company left millions of student and teacher records exposed to anyone who bothered to look.

Specifically, he explained, there were more than 5 million student and teacher records in the system that covered over 5,000 schools. Left exposed were students' immunization history, attendance data, school photos, birthdays, and more.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

"It was my data too in there," he told the audience of decidedly not teenage hackers. "This was pretty crazy stuff."

He tried to do the right thing and notified both his high school and the software manufacturers of his discoveries. Using a flaw in the system to alert students and teachers to its vulnerabilities, however, earned him a two-day suspension.

"Two days off of school," he said of the punishment. "I think it’s a pretty big win-win."

SEE ALSO: Remotely hacking elevator phones shouldn't be this easy

Eventually, Follett and Blackboard did listen — and many of the vulnerabilities he reported were patched at the end of July.

"Blackboard is always working hard to improve both the security of our products as well as the process and procedures we leverage in support of security," read a statement the company provided Demirkapi and he shared with DEF CON.

Asked by a member of the crowd what he's going to do next, Demirkapi gave an answer that elicited raucous applause from the hacker crowd: "Start college, maybe break their software."

Never give up on your dreams, Bill. The privacy of millions of students and teachers is counting on it.

---

Featured Video For You

---

From ATMs to printers, hackers prove you can play 'Doom' on anything

---

Topics Cybersecurity

• relaxation
• knowledge
• focus
• hotspot
• explore
• synthesize
• fashion
• recreation

• Council Honors A
• Walmart's Prime Day
• NYT Connections Sports Edition hints and answers for December 13: Tips to solve Connections #81
• Charlotte Hornets vs. Chicago Bulls 2024 livestream: Watch NBA online
• George Chen Running for Torrance City Council
• NYT Connections hints and answers for December 14: Tips to solve 'Connections' #552.
• NYT Connections Sports Edition hints and answers for December 14: Tips to solve Connections #82
• How this law is protecting child influencers in Illinois
• OBITUARY: Susan Watanabe, Writer and Political/Community Activist Leader
• Los Angeles Lakers vs. Minnesota Timberwolves 2024 livestream: Watch NBA online

• Party Rock Anthem has the same BPM as a lot of songs, and it's a glorious meme now
• Deborah Ramirez sends message of love to Dr. Ford before hearing
• Senator Flake faces dramatic confrontation by survivors
• Brett Kavanaugh's use of the word 'emotional' exposes a gross double standard
• The hearing's over, but Twitter isn't buying Kavanaugh's argument
• And now we pick up the pieces after our meltdown over Rod Rosenstein's non
• I am pleasantly horrified by these 'wet unboxing' videos
• A raccoon broke into a woman's kitchen and ate her English muffin
• Customizing Chrome's New Tab page
• Why is gender

• Keiro Awards $500k in Grants to 41 Nonprofit Organizations
• How to unblock TikTok for free
• Best robot vacuum deal: Get the Yeedi M12 Pro+ robot vacuum and mop for its lowest price yet
• Roblox and the BBC have teamed up for UK election coverage
• Man Convicted of Kidnapping, Torturing, Mutilating Marijuana Dispensary Owner
• Amazon Prime Day 2024: How to find the best deals
• 'The Sims 4' adds polyamory in its Lovestruck Expansion Pack
• Etsy to ban sale of most sex toys, explicit content, and more
• Councilmember Huizar's Home, Offices Searched by FBI
• Apple Intelligence appears to post false BBC headline saying Luigi Mangione shot himself

• DMV Director Shiomoto Retiring at End of Year
• Gen Z loves fan
• Why is ChatGPT's Santa Mode only for ages 13 and up?
• 10 YouTube videos you need to watch this week: Kendrick, Skibidi Toilet, and more
• OBITUARY: Richard Fukuhara, 74; Community Leader, Creator of ‘Shadows for Peace’
• Early Prime Day deal: $110 off Shark cordless stick vacuum (IX141)
• How to unblock TikTok for free
• Best robot vacuum deal: Get the Yeedi M12 Pro+ robot vacuum and mop for its lowest price yet
• 73rd Annual Commemoration Service for A
• Best Red Lobster gift card deal: Save $7.50 at Amazon