Computerworld - A Web log generated by an online registration process opened a security breach over the weekend for a company that provides telephone service to students at about 70 small colleges nationwide.
The breach allowed outsiders to search for the names, Social Security numbers and addresses of about 2,000 students who registered with Resicom Corp. via its Web site, according to Resicom President Leidy Smith.
Smith said the Doylestown, Pa.-based company was told of the breach via e-mail and had fixed the problem by yesterday afternoon. In addition, all the colleges served by the company were notified of the problem.
Smith said that while the company is very concerned about the breach, the situation was mitigated by the fact that in order to access the information, a person needed to include a particular keystroke such as a pound symbol or a dollar sign between the first and last names to make a search work. He would not say what that key was.
Essentially, every time someone registered on the Web site, the Web logs noted that registration. Those logs were created as a text file, and it was that file that was searchable using the first and last name, along with the special keystroke.
Smith said the permission level to access the Web logs was set too low and has since been changed. He said he believes the access threshold was lowered accidentally during maintenance.
At no time was the company's main database containing more than 100,000 student accounts open or affected by the breach, Smith said. He added that the main database is behind a firewall and located at another site.
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
