Code.org has fixed an error on its website that accidentally exposed email addresses belonging to its volunteers.
On Saturday, Hadi Partovi, the CEO of the non-profit organization that encourages students to learn about computer science, issued a statement of apology on the company’s blog.
“On Friday night we discovered and fixed an error in the Code.org site that allowed access to our volunteer email addresses,” the statement reads. “This wasn’t a case of hackers breaching our security systems, rather it was our mistake of leaving volunteer email addresses accessible via the web browser. (None of our servers were ever vulnerable, nor were our 10 million student/teacher accounts or passwords or other information ever vulnerable).”
Partovi goes on to explain that Code.org first learned of the error when 10 of its volunteers reported receiving an unsolicited “job offer” from a technical recruiting firm based in Singapore.
Unsolicited job offers are a common tactic of scammers, especially on LinkedIn, who use them to steal users’ personal information and to trick recipients into providing free labor for a disreputable company.
In this case, however, the offers were legitimate. Code.org reached out to the recruiting firm, which has issued its own letter of apology and vowed to remove all of the exposed volunteers’ email addresses from its databases.
Given the response of the recruiting firm, Partovi is optimistic that the error had a “limited impact.” He is also careful to point out that the email addresses of students who have engaged with Code.org were not affected by the vulnerability.
“At Code.org, we take privacy and security very seriously,” the company’s CEO points out. “Unfortunately we live in a time when security breaches are all too common. In the case of our youngest learners – students under the age of 13 – we don’t store their email address even if they give it to us, as an added precaution.”