how i found almost 40k private emails from my school


how (until august 21st 2023 (oh hey, my birthday :3)) my school leaked a bunch of staff and parent emails

finally getting around to this, it should not have taken so long

backstory

i was always interested in trying to find exploits in my school, i always sucked at it though, rarely finding anything interesting, and mostly just fucking around and trying whatever

somewhere, probably 7th grade, i had found this thing called google groups, never really looked through it though, i clicked around a few times. all i thought was "oh, it has some of my classes, that's kinda cool"

the actual story

so, it was a few weeks before my first ever day of high school, me being nervous and shit, i wanted to know what classes i got into. after racking my brain for a while, i thought of something, "oh, let's look at google groups, maybe that has something", turns out, it did have all of my classes (even though schedules were released a week later)

since i had remembered google groups existed, i decided to explore a bit more, and clicked "all groups", which showed me a few things that looked interesting, but luckily, the school had set the permissions correctly, so you couldn't see anything

as i continue looking, i realize, google groups handles emails, which makes me even more interested

i continue scrolling through the list of email accounts, but i quickly realize it's just thousands and thousands of auto-generated emails for classes, so i decide to search specific keywords like "admin" or "teacher", which is where shit hit the fan

quickly, i find already thousands of emails, and i panic slightly, but i remember my school's open house (where you get to see the school and your classes) is in a few days, so i wait until then

luckily, there was a table full of the IT people at my school, so i go up to them, "hey, i found an issue which is leaking a lot of private emails-" "yeah, we know, we're fixing it"

huh? rude asf, but whatever, i assume they already knew, so i continue

i continue checking over the next few days, but nothing. the issue is still there, and with this opportunity, i look deeper. i already had things that no student should've seen, but i kept looking anyways, and i'm glad i did.

within days, i find the email for the welcome center, this handles kids who are moving into our district, which i quickly realized was a gold mine of incredibly personal information on minors, a lot of emails had full names, birthday, addresses, and after a little bit of looking, i found some kid's birth certificate.

i panic, realizing this issue just became a whole lot bigger, and quickly sent an email to the IT people of my school, not knowing who else to write to

next day (aka the day before school started), i got a response, from none other than the district of technology, and it was finally fixed (they spelt my name wrong SOMEHOW, my name is simple, how tf do you misspell it)

this was the story of how i (very simply) found a shit ton of emails