The non-profit organisation Code.org suffered a major security breach on its website this week, in which a Singapore-based firm managed to access the personal data of its 12000 volunteers, including email addresses and location data, owing to a client-side vulnerability.
The incident came to light when one of the volunteer engineers confirmed receiving an unsolicited recruiting email from a technical freelancing firm in Singapore; 6 more incidents were reported subsequently. While the volunteer engineers’ database was impacted, the student and teacher accounts were not compromised.
Code.org’s CEO Hadi Partovi confirmed first contacting the impacted users to warn them and subsequently alerting other volunteers as well. He also confirmed contacting the Singapore-based firm to resolve the issue, after which the recruiting firm confirmed that it would stop all communication with the volunteers with immediate effect. Code.org has also confirmed that the client-side vulnerability which caused the breach has been plugged to secure all the private data from such attacks in the future.