Code.org, the non-profit organization dedicated to increasing diversity in computer science, has admitted its website has been leaking volunteer email addresses.
The discovery was made in an unusual way: the volunteers started receiving emails with job offers from a technical recruiting firm in Singapore.
Once the volunteers notified it, the organization contacted the firm in question, which explained how it had accessed the email addresses.
“This wasn’t a case of hackers breaching our security systems, rather it was our mistake of leaving volunteer email addresses accessible via the web browser,” Hadi Partovi, CEO of Code.org, explained.
He added that none of their servers were ever vulnerable, nor were the accounts, passwords and other user information of the 10 million students and teachers who use the site. “In the case of our youngest learners – students under the age of 13 – we don’t store their email address even if they give it to us, as an added precaution,” he also pointed out.
The hole has been plugged, and the rest of the site secured, but it’s possible that other individuals have collected the email addresses while they were accessible.
The recruiting firm from Singapore has apologized via email to Code.org for harvesting the email addresses and sending the emails.
They promised not to send any more emails, and to delete these email addresses from their mailing lists.
“With the exception of those who have applied to us with their details to be considered, we will remove all hour of code related emails from all our systems and databases,” they added.