Code.org hole gave access to volunteers' email addresses

This couldn't happen to your kid who did the Hour of Code, promises CEO

Code.org, the not-for-profit attempting to teach the world to code in perfect harmony, has 'fessed up to a flaw on its site that exposed volunteers' email addresses.

“On Friday night we discovered and fixed an error in the Code.org site that allowed access to our volunteer email addresses,” writes CEO Hadi Partovi.

“This wasn’t a case of hackers breaching our security systems,” Partovi writes, “rather it was our mistake of leaving volunteer email addresses accessible via the web browser.”

The organisation learned of the hole when some of its volunteers started receiving emails offering them jobs. Those offers were sent by “a technical recruiting firm in Singapore” and volunteers wondered how the company had found their addresses.

The recruiting company says it won't do it again and has promised to delete the email addresses it harvested.

“Based on this response, it’s possible the vulnerability may have had limited impact, but we can’t be sure,” Partovi adds. “Regardless, we’ve also inspected and secured the rest of our site from similar vulnerabilities.”

One small upside is that the organisation says it doesn't store email addresses for kids under 13, the target market for the Hour of Code. So there's nothing there for hackers or recruiters to find.

Partovi promises to make sure this kind of thing will never happen again. Perhaps if it spends more than an hour on its code, it might even succeed. ®
