Discovering sensitive data exposure by viewing page source, and responsibly reporting the same to get it fixed is branded as ‘hacking’

View Page Source Hacker Journalism
Viewing Page Source is NOT hacking. Pic credit: Lord James/Flickr

Apparently, viewing a website’s page source is hacking. At least that’s what Missouri Gov. Mike Parson claims Josh Renaud was doing when he discovered a vulnerability on a state website that exposed sensitive information.

Anyone with access to the Internet, and a working computer, could easily view the Social Security Numbers of about 100,000 teachers. However, Missouri Gov. Mike Parson is branding the responsible journalist who discovered the same, a hacker with malicious intent.

Missouri Department of Education website exposed teachers’ Social Security Numbers by viewing page source:

St. Louis Post-Dispatch journalist Josh Renaud had quietly discovered that the website for the state’s Department of Elementary and Secondary Education (DESE) was exposing over 100,000 teachers’ Social Security numbers.

He became aware of the data exposure after viewing the HTML source code of the site’s web pages. It is important to note that anyone with an internet connection could find this sensitive information by right-clicking the page and hitting “View Page Source.” In several popular web browsers, this is as simple as visiting the website and hitting F12 on the keyboard.

The Post-Dispatch reported the vulnerability to state authorities. They even delayed publishing a story so that relevant departments could patch the website.

As a result of the actions of Josh Renaud, the DESE confirmed that the “educator certification search tool was disabled immediately”. Simply put, the state machinery worked and patched the data vulnerability.

St. Louis Post-Dispatch then published the story on the incident, knowing well the Social Security Numbers weren’t easily accessible anymore. Instead of receiving a commendation, Missouri’s Republican Governor Mike Parson branded Josh Renaud as a “hacker”.

Missouri Governor brands journalist as ‘hacker’ who wanted to ‘embarrass the state’:

Speaking about the security lapse, and more specifically, about Renaud, Missouri’s Republican Governor Mike Parson, said:

“The newspaper uncovered the flaw in an attempt to embarrass the state. A hacker is someone who gains unauthorized access to information or content. This individual did not have permission to do what they did.”

The Governor is now contemplating legal actions for responsibly reporting the data vulnerability:

“This individual is not a victim. They were acting against a state agency to compromise teachers’ personal information in an attempt to embarrass the state and sell headlines to their news outlets. The state is committed to bringing to justice anyone who hacked our system and anyone who aided and abetted them to do so.”

The governor has reportedly referred the case to county prosecutors. Needless to mention, social media users aren’t pleased. Even the governor’s own party members expressed their displeasure:

Several legal experts have indicated that the journalist is highly unlikely to stand trial. After all, the U.S. Supreme Court has specifically ruled that a person violates the law only when they access files or other information that they would otherwise be unable to.

Still, if the state of Missouri proceeds with legal action, it could set a poor precedent. Journalists and whistleblowers are already at risk of legal action and attacks for discovering and reporting security issues and privacy vulnerabilities.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x

Warning: Undefined variable $posts in /home/thetechherald/public_html/wp-content/themes/generatepress_child/functions.php on line 309

Warning: Trying to access array offset on value of type null in /home/thetechherald/public_html/wp-content/themes/generatepress_child/functions.php on line 309

Warning: Attempt to read property "post_author" on null in /home/thetechherald/public_html/wp-content/themes/generatepress_child/functions.php on line 309