Some more information from an article in the star that came out earlier in the case:
>Officials said about 250 of the documents contained highly sensitive personal information including birthdates, social insurance numbers, addresses and government services’ client information.
>Conrad said the breach was inadvertently found by a provincial employee.
>“The employee was involved in doing some research on the site and inadvertently made an entry to a line on the site — made a typing error and identified that they were seeing documents they should not have seen,” Conrad told a technical briefing for reporters.
>Officials said the documents were accessed through a “vulnerability in the system” and not through a hack. The person went in through the URL and “sequentially went through every document available on the portal.”
>“There’s no question, this was not someone just playing around,” said Conrad. “It was someone who was intentionally after information that was housed on the site.”
1 comment
[ 3.9 ms ] story [ 16.8 ms ] thread>Officials said about 250 of the documents contained highly sensitive personal information including birthdates, social insurance numbers, addresses and government services’ client information.
>Conrad said the breach was inadvertently found by a provincial employee.
>“The employee was involved in doing some research on the site and inadvertently made an entry to a line on the site — made a typing error and identified that they were seeing documents they should not have seen,” Conrad told a technical briefing for reporters.
>Officials said the documents were accessed through a “vulnerability in the system” and not through a hack. The person went in through the URL and “sequentially went through every document available on the portal.”
>“There’s no question, this was not someone just playing around,” said Conrad. “It was someone who was intentionally after information that was housed on the site.”
https://www.thestar.com/news/canada/2018/04/11/halifax-polic...
It sounds a lot like the sort of simple vulns that many people in security noticed around that kid's age or earlier.