Missouri Governor Mike Parson wants to prosecute a journalist who discovered the government’s website was leaking Social Security Numbers.
Website Source Code
On Wednesday, Josh Renaud wrote in the St. Louis Post-Dispatch that the state’s Department of Elementary and Secondary Education website exposed over 100,000 SSNs of department employees. These employees include teachers, administrators, and school counselors.
Mr. Renaud discovered this information was available simply by viewing the source code of the website. This is a capability that virtually all web browsers have, and anyone can do this. If a reader wanted to they could view the code for The Mac Observer. It displays HTML code, CSS, Javascript, etc.
The Post-Dispatch disclosed the leak to the state government, which fixed it on Tuesday. Then the paper reported the incident on Wednesday once the SSNs were no longer in danger of being stolen.
The newspaper delayed publishing this report to give the department time to take steps to protect teachers’ private information, and to allow the state to ensure no other agencies’ web applications contained similar vulnerabilities.
However, Governor Parson stated that Mr. Renaud “took the records of at least three educators, decoded the HTML source code, and viewed the SSN of those specific educators.”
If the state moves forward with its investigation, it will certainly reveal if Mr. Renaud did actually take or use any of the SSNs. But hacking, he did not.