Bug in student admissions website exposed children’s personal information

A vulnerability in the Ravenna Hub student admissions website exposed the personal information of children and their parents to any logged-in user. The issue, fixed promptly by VentureEd Solutions, affected over a million students but raises concerns about overall cybersecurity practices and oversight. This incident echoes recent failures in handling child data security online.

Key Points

• Ravenna Hub vulnerability allowed logged-in users to access personal data of other users.
• Exposed data included children's names, DOBs, addresses, pictures, and parents' emails/phones.
• VentureEd Solutions fixed the issue within the same day after TechCrunch's alert.
• CEO Nick Laird confirmed the replication of the issue but avoided specifics on user notification or prior security checks.
• The vulnerability, an IDOR flaw, resulted from weak server security controls, affecting access to numerous student records.

Relevance

• This incident highlights ongoing cybersecurity challenges in educational technology, especially involving children's data.
• Similar past incidents include UStrive's exposure of personal data, emphasizing a trend of inadequate data security in platforms serving minors.
• By 2025 trends in IT emphasize the need for stringent cybersecurity measures, especially for applications dealing with sensitive personal information.

The Ravenna Hub incident underscores the critical need for robust cybersecurity in systems handling children's information, prompting calls for improved oversight and security checks in educational tech platforms.