Today, Haaretz newspaper published my study, about Schooly, a platform, which enable schools to have online system, to support verity of activities related to the schools needs
There was a huge exposure, included very sensitive information of kids
It's all started from a research that's me and Samuel Crdillo were doing, about Amazon AWS, and later a tool has been created which called "Bucket-Hunter"
Before publishing, out work, I was thinking how can I limit the impact on Israeli users
So I went to Google, and made some Google Dorks (strings, which brings you sensitive results).
As more as I checked, Schooly were the main results, all over Google, this while checking for Hebrew words, like ID + s3.amazonaws.com
The problem went far away, since it was not only Google exposure, but the main bucket were open to anyone
Just before speaking with Schooly, they fixed the ability to see the bucket list. Yet, downloading the files were possible even after few month
In the situation when young kids are being exposed, the government should open protection program.
The problem were in both side, Schooly as well as the schools who publish sensitive information of kids (six years old is too sensitive)
The files which exposed in the bucket were under schooly care, yet if a school is published something it's different story.
It's time for the ministry of education, to make a change - since this is a big failure of 100,000, kids which have a potential identity and physical reaction to the exposure.
