"K-12 Student Geolocation Data, Names Exposed via API Flaws: 6M Kids Impacted"

According to Tenable researchers, Application Programming Interface (API) bugs in the Edulog Parent Portal platform enabled malicious actors to access the names and geolocation data of six million K-12 riders. The vulnerability has since been fixed by Edulog Parent Portal, a service that provides real-time school bus tracking for parents of grade-school students. The flaw allowed anyone who created a free Edulog account to evade school registration safeguards and gain access to information available through the service's Parent Portal API. It also enabled access to platform configuration details for individual school districts, such as usernames and encrypted passwords for third-party integrations. This article continues to discuss the API bugs in the Edulog Parent Portal platform.

SC Media reports "K-12 Student Geolocation Data, Names Exposed via API Flaws: 6M Kids Impacted"

Submitted by grigby1