DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

(Update1) The Palm Beach County School District suffers massive pwd breach after second grader hacks them

Posted on May 13, 2020 by Dissent

See an important update after the original post.

From the no-one-could-have-possibly-foreseen-kids-figuring-out-default-password-conventions dept., Andrew Colton reports:

The Palm Beach County School District is in the midst of a massive computer security crisis that draws into question the authenticity of every assignment completed by every student since “distance learning” began, after BocaNewsNow.com learned that an elementary school student hacked the school district’s password system.

We are not revealing the password convention that is used in the school district, but the second grader’s — you are reading that correctly, the second grader’s — hacking resulted in an emergency login change for “live” morning meetings in several elementary schools last week. It did not result — yet — in a district-wide reassignment of student passwords for the School District’s “Portal” which provides access to Google Classroom.

Read more on Boca News Now.

Update: It seems that the school district was less than thrilled with Boca News Now making their situation public. The paper issued a second story claiming that they received a thinly veiled threat from the district. It is not clear from their reporting, though, what they are being threatened with or what they reportedly did wrong. Is the district accusing them of encouraging a student to violate the student code of conduct because they prudently made sure to verify claims of a vulnerability before reporting on it?

What did the news outlet do wrong? Nothing that I can see.

What did the district do wrong? Let me count the ways, but for now, let’s just add poor incident response to the list.

CORONAVIRUS: Palm Beach School District Threatens BocaNewsNow Over Password Story

Related posts:

  • Kept in the Dark — Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden
Category: Education SectorHackInsiderOf NoteU.S.

Post navigation

← ShinyHunters has companies scrambling: Star Tribune warns subscribers of claimed hack, Tokopedia brings in independent consultant to investigate hack
Elizabethtown Community Hospital Patients Lack Standing in Data Breach Row →

2 thoughts on “(Update1) The Palm Beach County School District suffers massive pwd breach after second grader hacks them”

  1. Nancy Lorntson says:
    May 13, 2020 at 11:24 am

    No hacking going on here. It’s a pure case of the district assigning passwords that were almost certainly some combination of a student birthday, grade, initials, etc. all of which are easily discoverable through internet and social media searches. This type of password assignment is common in K-12 districts.

    Additionally, the practice of not permitting students to manage their own passwords is also common practice. Districts believe that elementary aged kids can’t remember their passwords so by having a predictable combination of known information about a student, a teacher can easily “help” their students to log in without a password change.

    1. Dissent says:
      May 13, 2020 at 11:27 am

      The word “hack” gets used loosely in a lot of contexts. They’re probably claiming unauthorized access because it violates student conduct code. But it would be even more embarrassing if a 7 year-old really could hack them so easily.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • McDonald’s McHire leak involving ‘123456’ admin password exposes 64 million applicant chat records
  • Qilin claims attack on Accu Reference Medical Laboratory. It wasn’t the lab’s first data breach.
  • Louis Vuitton hit by data breach in Türkiye, over 140,000 users exposed; UK customers also affected (1)
  • Infosys McCamish Systems Enters Consent Order with Vermont DFR Over Cyber Incident
  • Obligations under Canada’s data breach notification law
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information
  • UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks (1)
  • At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
  • Avantic Medical Lab hacked; patient data leaked by Everest Group

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • DeleteMyInfo Wins 2025 Digital Privacy Excellence Award from Internet Safety Council
  • TikTok Loses First Appeal Against £12.7M ICO Fine, Faces Second Investigation by DPC
  • German court offers EUR 5000 compensation for data breaches caused by Meta
  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.