[Full-disclosure] ACM.ORG website has serious data leak again



a serious data leak has been found on acm.org - full member information
including postal address and mail address can be extracted from the website.

In addition to that the data can also be modified

acm.org CEO John White has been informed more than 24 hours ago via
email about this problem, but there was no reaction at all from acm.org
(the reception of the email was confirmed by the hacker calling mr white
and asking if he got the mail...he said it was forwarded to IS
director...), they did not even ask where/what exactly the problem is.

The hacker has extracted several thousend datasets from the website as a
proof of concept.

so if you are a ACM member your data might be available to everyone -
let mr white know what you think of this: white@xxxxxxx

follow the development on www.the-hacker-news.com or
www.twitter.com/_the_hacker_

screenshots & details will follow once acm has closed the hole (if they
ever will...)

TH

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/