【Yoshihiro Tanbara Archives】

Teenager Bill Demirkapi had been ghosted. Hard. "It didn’t feel good,Yoshihiro Tanbara Archives" he explained to the large crowd gathered to hear him speak. "It hurt my feelings.”

But Demirkapi, despite his status as a recent high-school graduate, wasn't lamenting the traditional spurned-love problems typical of his cohort. Far from it. Instead, he was speaking at the famous DEF CON hacker conference in Las Vegas, and the ghoster-in-question was educational software maker Blackboard.

Demirkapi had reported numerous vulnerabilities in Blackboard's software to the company; after initially being in communication with him, the company stopped responding to his emails. But Demirkapi, who found he could access a host of student data — including family military status, weighted GPAs, and special education status — through vulnerabilities in Blackboard's system, was undeterred.

In fact, he was just getting started. And Blackboard wasn't his only target.

Original image has been replaced. Credit: Mashable

Over the course of his high school career, Demirkapi — a budding security researcher — also investigated K-through-12 software maker Follett. In doing so, he determined the company left millions of student and teacher records exposed to anyone who bothered to look.

Specifically, he explained, there were more than 5 million student and teacher records in the system that covered over 5,000 schools. Left exposed were students' immunization history, attendance data, school photos, birthdays, and more.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

"It was my data too in there," he told the audience of decidedly not teenage hackers. "This was pretty crazy stuff."

He tried to do the right thing and notified both his high school and the software manufacturers of his discoveries. Using a flaw in the system to alert students and teachers to its vulnerabilities, however, earned him a two-day suspension.

"Two days off of school," he said of the punishment. "I think it’s a pretty big win-win."

SEE ALSO: Remotely hacking elevator phones shouldn't be this easy

Eventually, Follett and Blackboard did listen — and many of the vulnerabilities he reported were patched at the end of July.

"Blackboard is always working hard to improve both the security of our products as well as the process and procedures we leverage in support of security," read a statement the company provided Demirkapi and he shared with DEF CON.

Asked by a member of the crowd what he's going to do next, Demirkapi gave an answer that elicited raucous applause from the hacker crowd: "Start college, maybe break their software."

Never give up on your dreams, Bill. The privacy of millions of students and teachers is counting on it.

---

Featured Video For You

---

From ATMs to printers, hackers prove you can play 'Doom' on anything

---

Topics Cybersecurity

• Tech
• Life
• Games
• Deals
• Entertainment
• Social Good
• Digital Culture
• Shopping

• Apple iPhone 17 Pro leaks highlight major new design change
• The best Black Friday pizza oven deals of 2023
• 'Fallen Leaves' review: Finding love in a hopeless place
• Writing a Memoir of Difficult Women
• The best day to book your flight, according to Google
• Petty in the Morning by Brian Cullman
• 'Please Don't Destroy: The Treasure of Foggy Mountain' review
• Cooking with Ivan Doig
• NYT Strands hints, answers for April 23
• Everything that's broken on Twitter right now, from video plays to follower counts

• Walmart and Chick
• 'Star Wars: Jedi Temple Challenge' kids game show announced by Disney+
• Jonathan Van Ness' historic Cosmo cover is the prettiest damn thing
• Someone like boo: Adele confirms she's put a ring on it while discussing #feels
• How to clean up cord clutter in your home
• 'The Office' cast sets the record straight about Jim and Pam's first kiss
• Dictionary.com's Word of the Year for 2019 is 'existential', and same
• The White House just plagiarized an ExxonMobil press release
• 8 best games to secretly play under the Thanksgiving dinner table
• Shut it down: Jesus is on Tinder now

• Shop the Google Pixel Pro 9 for $200 off at Amazon
• To the Attic: Virginia Woolf and Abelardo Morell
• Carrie Mae Weems on Her Favorite Books
• Staff Picks: Fat Ladies, Flowers, and Faraway Lands by The Paris Review
• 13 Good Games You Can Play on Laptops and Budget PCs
• Best deals of the day Jan. 13: The Sony HT
• Picabia’s Covers for André Breton’s Literary Magazine
• Foul Matter
• Asus VivoWatch 6 AERO measures blood pressure and ECG
• Staff Picks: Witch

• Apple is reportedly still working on smart glasses of some kind
• NYT's The Mini crossword answers for November 17
• At the Museum of Anatolian Civilizations
• Tina Barney’s Embarrassment of Riches by Joseph Akel
• Sony launches new flagship XM6 headphones: Order them now
• Pina Bausch’s ‘The Rite of Spring’
• Tina Barney’s Embarrassment of Riches by Joseph Akel
• Love and Badness in America and the Arab World by Diya Abdo
• The best day to book your flight, according to Google
• Nick Cave slams AI bot ChatGPT: 'A grotesque mockery of what it is to be human'