Security through obscurity is a well-known term in the computer industry, but what if the security is not even obscured? Security through obscurity implies that some effort was made to hide something, anything. But this does not always seem to be the case – because if it were, the people responsible would not just be ignorant, but also stupid; hence the term “security through stupidity.”
In 2021, a journalist for the St. Louis Post-Dispatch discovered teachers’ social security numbers on the state of Missouri’s website. The sensitive information was not directly visible on the webpage, but it was there if you right-clicked and selected “view source” in your browser.
Allegedly, this journalist had “hacked” the website to gain access to this information. Let me repeat that: The state of Missouri leaked social security numbers on its website and threatened the person who found out and reported the vulnerability.
Ever wondered what would happen if you replaced your user id in the address bar with someone else’s? Maybe you would find some personal information, or maybe you would find a lawsuit.
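Both failures above, data sent to the browser but merely not displayed and a record chosen only by the id in the URL, are fixed on the server. The following is an added example, not code from the Missouri site or any real system: the records, the `owner` field, and the function names are assumptions made for illustration.

```python
import html
import json
import re

# Constructed sample data: names are made up, SSNs use the never-issued 000 area.
RECORDS = {
    101: {"owner": "alice", "name": "Alice Example", "school": "North High", "ssn": "000-12-3456"},
    102: {"owner": "bob", "name": "Bob Example", "school": "South High", "ssn": "000-65-4321"},
}
PUBLIC_FIELDS = ("name", "school")  # allow-list of what the browser may receive
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def render_leaky(record_id, session_user):
    """Before: trusts the id from the URL and ships the whole record to the browser."""
    rec = RECORDS[record_id]
    body = (f"<h1>{html.escape(rec['name'])}</h1>\n"
            f"<script>var record = {json.dumps(rec)};</script>")  # not displayed, still sent
    return 200, body


def render_safe(record_id, session_user):
    """After: ownership is checked server-side and only allow-listed fields are serialized."""
    rec = RECORDS.get(record_id)
    if rec is None or rec["owner"] != session_user:
        return 404, "Not found"  # same answer for missing and foreign ids
    public = {field: rec[field] for field in PUBLIC_FIELDS}
    rows = "".join(f"<li>{html.escape(k)}: {html.escape(v)}</li>" for k, v in public.items())
    return 200, f"<h1>{html.escape(public['name'])}</h1>\n<ul>{rows}</ul>"


def ssns_in_source(body):
    """Release check: scan the raw response, which is what 'view source' shows."""
    return SSN_RE.findall(body)


if __name__ == "__main__":
    for render in (render_leaky, render_safe):
        status, body = render(102, "alice")  # alice requests bob's record id
        print(render.__name__, status, ssns_in_source(body))
```

Running `ssns_in_source` over every rendered response in a test suite catches the "hidden in the source" case before it ships, because it inspects the bytes the server sends rather than what the page displays.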