Admissions hacking?
Quick break from work…
I’ve found incredibly little information about the way someone told others how to “hack” into Apply Yourself, Inc. service to determine if they were accepted to Harvard, Stanford, MIT, and other colleges. I’ve seen lots of news referring to “hacking,” “data thief,” “security breach,” “cracking” and other terminology that didn’t provide much technical information. It makes me wonder if this event was as much of a non-hack as the Choicepoint “hack” or if this event was similar to other cases in which people just added text to a url, particularly since apparently students could only access their own information (leading me to believe they were authenticated in some way before following those elusive instructions).
It appears that Harvard is automatically rejecting anyone’s record who was accessed based on that fact- they hold the applicants responsible for the use of their accounts.
While the access was likely improper, I am curious about terms of service and the use of the H word…
Update: Yup. Looking at the originating BusinessWeek forums, it looks like all the applicants did was type in a url. The forums are crawling with posts and article reprints (copyright violation? ^_-). Here’s an excerpt:
—
No security safeguards were bypassed _ the applicants simply took an open route to their pages that hadn’t been publicized, said the man, who is in his 20s and is from the Midwest.
—