Slashdot Mirror


Forbes '30 Under 30' Conference Website Exposed Attendees' Personal Information (vice.com)

An anonymous reader shares a Motherboard report: Every year, Forbes' 30 Under 30 list recognizes people blessed with both youth and exceptional talent in their field -- including celebrities, startup founders, doctors, and artists. These are smart, savvy professionals -- and when some of them include information security pros, they're bound to go poking around for vulnerabilities. That's what Yan Zhu, a privacy engineer who made the 2015 list, was doing when she found a gaping privacy hole in the way Forbes handles recipients' personal information. Once you make the list, Yan told me in a Twitter direct message, Forbes asks you to register for its annual Under 30 Summit conference. "They send you a link for conference registration, but it's not tied to your email address," she said. "So you can literally enter anyone's email address who is also a 30 Under 30 member and it shows you their personal info." That information carries over into all future years, she said.
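The flaw described above is a registration link that is not bound to the invitee's email address. As an added illustration (not code from Forbes, Motherboard or the original post), the sketch below contrasts that lookup with one that only returns a record when the link carries an HMAC token issued for the same address; the key, attendee records and function names are all constructed for the example.

```python
import base64
import hashlib
import hmac

# Constructed demo values; a real deployment would load the key from a secret store.
LINK_KEY = b"constructed-demo-key-not-for-production"
ATTENDEES = {
    "alice@example.org": {"name": "Alice Example", "phone": "555-0100"},
    "bob@example.org": {"name": "Bob Example", "phone": "555-0101"},
}


def normalize(email: str) -> str:
    """Canonical form, so the token and the lookup agree on the same key."""
    return email.strip().lower()


def issue_token(email: str) -> str:
    """Token placed in the invitation link mailed to exactly this address."""
    mac = hmac.new(LINK_KEY, normalize(email).encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def prefill_unbound(email: str):
    """Behaviour the report describes: any listed address returns its record."""
    return ATTENDEES.get(normalize(email))


def prefill_bound(email: str, token: str):
    """Return the record only when the link token was issued for this address."""
    expected = issue_token(email)
    # Verify before the lookup so known and unknown addresses take the same
    # path; compare_digest avoids leaking the match position through timing.
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return None
    return ATTENDEES.get(normalize(email))


if __name__ == "__main__":
    alice_link_token = issue_token("alice@example.org")
    print("unbound, bob's address:", prefill_unbound("bob@example.org"))
    print("bound, bob's address with alice's token:",
          prefill_bound("bob@example.org", alice_link_token))
    print("bound, alice's own link:",
          prefill_bound("alice@example.org", alice_link_token))
```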

12 comments

  1. "That information carries over into all future by fredrated · · Score: 1

    years". What does that mean?

    1. Re: "That information carries over into all future by TWX · · Score: 3, Insightful

      Presumably every year that the researcher has tested the link subsequent to being initially recognized, such as years 2016, and 2017, the researcher has confirmed that the vulnerability still persists.

      --
      Do not look into laser with remaining eye.
    2. Re: "That information carries over into all future by Anonymous Coward · · Score: 0

      "We're humping butts going at it as hard as we can".

  2. Welp ... by fahrbot-bot · · Score: 1

    ... the youngsters say they don't care about privacy so I guess it's okay.

    (Maybe "30 under 30" meant how much personal info would be exposed in how many minutes.)

    --
    It must have been something you assimilated. . . .
  3. Privacy engineer? by Anonymous Coward · · Score: 0

    Seriously? It's bad enough when I see dorks arguing whether one is a software engineer, programmer or coder. Titles are getting out of hand.

    1. Re:Privacy engineer? by EndlessNameless · · Score: 1

      Privacy engineer at least indicates a focus.

      Software engineer, programmer, and coder are used ambiguously or interchangeably so often that the distinction is meaningless.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  4. what's the big deal? by chicksdaddy · · Score: 1

    So 30 people have their info exposed? What's the big deal. ;-)

    1. Re:what's the big deal? by rnash · · Score: 1

      Yes give me Karlie Kloss's details !

  5. Forbes and their crappy IT security by Anonymous Coward · · Score: 0

    Forbes was (and is) one of the most aggressive publishers to fight ad blockers. To this day, you cannot access most Forbes content if you have an ad blocker enabled; the page will not even load. After they did this, Forbes said to trust them; they will provide a safe browsing experience. Days later Forbes was hit with a malvertising attack.

    Since they implemented the policy, I no longer read Forbes, which is a shame since I love the content. Oh, well. Forbes of all people should be able to figure out a smarter way to fix this problem and still make money other than force people to turn off ad blockers. Less MBAs, Forbes, and more common business sense.

  6. Still no jobs in America by Anonymous Coward · · Score: 0

    Thanks, Trump.

  7. Let it be over 30 by Anonymous Coward · · Score: 0

    And it'll all be fine

  8. Good Grief by Anonymous Coward · · Score: 0

    I was underwhelmed by the list. They're not even trending in Twitter, etc. Looks like this was just a stunt to give some lift and exposure to some undeserving folks.