Hello, InfoSec people. Today let's discuss a PII data leak on a NASA website. Reading this, you may think I got a P1 or P2, but no: this story is about how a PII leak ended up as Informational.
Let's start with a Google dork. I used:
site:nasa.gov inurl:.txt
After scrolling through numerous pages, I stumbled upon a .txt file hosted on a sub-subdomain of nasa.gov. This file contained a report detailing certain activities conducted at specific locations. Shockingly, the report included sensitive Personally Identifiable Information (PII) of the employees involved, such as their names, phone numbers, email addresses, fax numbers, and postal addresses.
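When a dork turns up a document like this, the next step is to confirm what categories of PII it actually contains and to capture that for the report without copying the raw data around. The following Python scanner is an added example, not part of the original post: it runs a few regular expressions over a constructed, entirely fictional sample report (the names, numbers and addresses are placeholders, not NASA data), files phone-shaped numbers on a "Fax" line under fax rather than phone, and produces counts plus one redacted sample per category. The patterns cover North American phone formats and US-style postal addresses; anything else is an assumption you would extend for your target.

```python
import re

# Constructed sample report with fictional names and contact details
# (placeholder data for this example; nothing here is real NASA data).
SAMPLE_REPORT = """\
ACTIVITY REPORT - SITE INSPECTION
Location: Building 7, Hangar Area
Coordinator: Jane Example
Phone: (555) 123-4567
Fax: 555-123-4568
Email: jane.example@example.gov
Address: 1234 Example Blvd, Springfield, VA 22150
Observer: John Sample, john.sample@example.gov, Tel 555.987.6543
"""

PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    # North American formats: (555) 123-4567, 555-123-4567, 555.123.4567
    "phone": re.compile(r"(?<!\d)(?:\(\d{3}\)\s?|\d{3}[-. ])\d{3}[-. ]\d{4}(?!\d)"),
    # US street address ending in a 5-digit (optionally ZIP+4) code
    "postal_address": re.compile(
        r"\b\d{1,6}\s+[A-Za-z0-9 .]+?,\s*[A-Za-z .]+,\s*[A-Z]{2}\s+\d{5}(?:-\d{4})?\b"
    ),
}


def scan_for_pii(text):
    """Return {category: [unique values in order of appearance]} for the text.

    A phone-shaped number on a line labelled "Fax" is filed under "fax"
    rather than "phone", since the write-up lists fax numbers separately.
    """
    findings = {"email": [], "phone": [], "fax": [], "postal_address": []}
    for line in text.splitlines():
        is_fax_line = "fax" in line.lower()
        for category, pattern in PATTERNS.items():
            for match in pattern.findall(line):
                bucket = "fax" if (category == "phone" and is_fax_line) else category
                if match not in findings[bucket]:
                    findings[bucket].append(match)
    return findings


def redact(value):
    """Mask everything but the first and last character for use in a PoC."""
    if len(value) <= 2:
        return "*" * len(value)
    return value[0] + "*" * (len(value) - 2) + value[-1]


def summarize(findings):
    """Counts plus one redacted sample per category: enough to prove the leak
    in a bug report without pasting the raw PII into yet another system."""
    return {
        cat: {"count": len(vals), "sample": redact(vals[0]) if vals else None}
        for cat, vals in findings.items()
    }


if __name__ == "__main__":
    found = scan_for_pii(SAMPLE_REPORT)
    for category, info in summarize(found).items():
        print(f"{category:15} count={info['count']}  sample={info['sample']}")
```

Running it against a real file is a matter of reading the downloaded .txt into `scan_for_pii` instead of `SAMPLE_REPORT`. The summary, not the raw matches, is what belongs in the report: the triager can verify the leak from the URL, and you avoid becoming a second place where the data is stored.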
Driven by the urgency to address this security lapse, I promptly drafted a detailed report on Bugcrowd specifically for NASA. The report included a Proof of Concept (PoC) and step-by-step instructions outlining the vulnerability. However, to my surprise, after a few days I received a response indicating that my report was deemed a duplicate and triaged as "Informational."
Upon reflection, I realize there may have been spelling errors, or the tone of the report may have lacked professionalism. Therefore, I am revisiting the report to convey the severity of the issue accurately and professionally.
Know the Impact
The impact of Personally Identifiable Information (PII) data leakage, including names, phone numbers, email addresses, fax numbers, and postal addresses, can be substantial and wide-ranging:
Identity Theft: With access to such detailed PII, malicious actors could easily impersonate individuals…