High school senior Bill Demirkapi said he was able to use basic computer skills to get into the admission system of at least one college, though he believes the ability exists for at least 80 more colleges who use the same system, including at least three in Texas.
[Ads /]
Demirkapi, speaking to ABC13 by phone from his home in Massachusetts, said the ability is likened to the school leaving the door unlocked.
"This attack wasn't complex, it was just the application," he said.
Demirkapi immediately shared his findings with the college, Worcester Polytechnic Institute, so they could fix the issue.
In screen shots, Demirkapi showed how he could see his entire file, just by exploiting problems with the system where he logged into to apply for college.
The screen grabs show he was able to make changes to his profile, including changing his "application decision" to "accept."
What's worse, Demirkapi said in some instances, he could access other students' data.
[Ads /]
"It's possible the issue could've existed for years," Demirkapi said.
Response to his findings was mixed, he said. While the school acknowledged the problem, once they had the information, he never heard from them.
The company didn't respond to him either, he said. So he posted his findings on Github.
Demirkapi wanted the school to know about the problem and to make sure they knew he wasn't malicious. He reported the issue to all the schools where he could determine the problem existed.
The story was first reported by consumer reporter Bob Sullivan.
Schools in Texas identified by Demirkapi are Texas State Technical College, UT-Dallas and Concordia University in Austin.