1 comment

[ 3.9 ms ] story [ 16.8 ms ] thread
Some more information from an article in the star that came out earlier in the case:

>Officials said about 250 of the documents contained highly sensitive personal information including birthdates, social insurance numbers, addresses and government services’ client information.

>Conrad said the breach was inadvertently found by a provincial employee.

>“The employee was involved in doing some research on the site and inadvertently made an entry to a line on the site — made a typing error and identified that they were seeing documents they should not have seen,” Conrad told a technical briefing for reporters.

>Officials said the documents were accessed through a “vulnerability in the system” and not through a hack. The person went in through the URL and “sequentially went through every document available on the portal.”

>“There’s no question, this was not someone just playing around,” said Conrad. “It was someone who was intentionally after information that was housed on the site.”

https://www.thestar.com/news/canada/2018/04/11/halifax-polic...

It sounds a lot like the sort of simple vulns that many people in security noticed around that kid's age or earlier.