• lmmarsano@group.lt
    64 upvotes · 15 hours ago

    The breach pierced the education technology company PowerSchool – used by 80% of school districts in North America – and “put at risk the security of 60 million children and 10 million teachers,” the Justice Department said.

    With threats to expose social security numbers, dates of birth, family information, grades, and even confidential medical information, the breach cornered PowerSchool into paying millions of dollars in ransom.

    I don’t know: their getting caught may indicate less skill & more ease to break in due to irresponsible information security practices. Maybe companies like PowerSchool are shit & ought to have no business carrying that sort of information for 80% of public school districts. Maybe government is irresponsible for entrusting that information to these businesses with lax standards. Seems like institutional irresponsibility all around.

    Organized criminals see easy exploits & easy useful idiots to assume the legal risk of their ventures.

    • retiredIdentity@lemmy.dbzer0.com
      6 upvotes · 6 hours ago

      The company I work for has to go through annual PCI Compliance testing to make sure CC transactions are not leaking card information and storage is encrypted if we stored (we don’t) this information. Even our network is scrutinized closely. We are also required to have bi-annual table top exercises and they are talking about pentesting. What kind of Compliance do any of these companies have?

      • IphtashuFitz@lemmy.world
        2 upvotes · 4 hours ago

        Same here. We also contract with HackerOne, a company of “white hat” hackers that actively attack our site and earn significant bounties if they can do something like remotely execute commands, exfiltrate data, etc. Only after they provide us with a repeatable set of steps and we close the hole do they get paid.

      • Taleya@aussie.zone
        1 upvote · edited 3 hours ago

        They don’t. The only private companies who have to monkey dance like that are cinema content handlers who want TPN status

        Must protect the IP

  • greyscale@lemmy.grey.ooo
    91 upvotes, 6 downvotes · 17 hours ago

    I feel like having technologically weak education systems is entrapment for people like this.

    You put these kids in a cage (school) with other abusive children and then make them interact with that cage and wonder why they keep smashing the cage up… While they’re full of anger, hormones and mentally developing, but sure yeah let’s just send the smart kid to prison for 20 years instead of sending them to go be red team.

    Or is it because AI took all the junior opsec roles, there’s nobody willing to have him pawned off on them?

    A culture that weaponises its legal system to protect technical systems that are secured with zipties and bad passwords and band-aid solutions is just asking to get absolutely shat upon by external actors

    He was your best shot at protecting yourself from Iranians… lol

    Edit: This boy should have been scooped up by the CIA or FBI or something. Maybe he could have helped prevent the FBI losing 100TB of Epstein data due to hackers breaking in and thinking it was someone’s CSAM torrent seed box. The incompetence shown in the depositions was galling.

    • DarkroomDoc@lemmy.world
      31 upvotes, 3 downvotes · 16 hours ago

      This kid didn’t hack into school systems to change grades- he was extorting millions of dollars from large and small companies to buy drugs and jewelry. I think you are missing the gravity of what he did.

      • greyscale@lemmy.grey.ooo
        52 upvotes, 2 downvotes · 16 hours ago

        He’s following in your national leader’s footsteps of shaking people down for money, it’s the American Dream, baby.

        • Maeve@kbin.earth
          14 upvotes · 16 hours ago

          “Under no guidance, they can fall into really, really bad habits. Under the right guidance, you can take this generation and use their skills [positively].”

          That’s exactly what I thought when I read this. Or, the right guidance to persecute those who would speak truth to power and expose the G-d-awful truth of who we really are, in our very poor, misguided leadership.

          • greyscale@lemmy.grey.ooo
            7 upvotes, 2 downvotes · 16 hours ago

            I just can’t imagine being so obtuse as to see the sheer leverage they have over this kid and the fact that they desperately, desperately need technical competence in the US agencies right now.

            They could lean on this kid forever to make him a good little agent, but no, send the twink boy to the assrape box. Rehabilitation? What’s that.

            • DarkroomDoc@lemmy.world
              5 upvotes, 9 downvotes · 15 hours ago

              You’re romanticizing a situation that doesn’t deserve it. Skilled or not, he hurt people for money. He’s not a Robin Hood fighting the evil corporatists or government.

              • greyscale@lemmy.grey.ooo
                14 upvotes, 4 downvotes · 15 hours ago

                Hurting people for money is the model of capital. He’s just trying to get that bag like your president does.

                • DarkroomDoc@lemmy.world
                  6 upvotes, 10 downvotes · 15 hours ago

                  That’s a straw man, stay on topic. Nobody should hurt people for money. Saying that this kid deserves a nice job as a reward is just as sycophantic as the right covering for Trump.

    • Jessica@lemmy.blahaj.zone
      3 upvotes, 11 downvotes · 16 hours ago

      The breach pierced the education technology company PowerSchool – used by 80% of school districts in North America – and “put at risk the security of 60 million children and 10 million teachers,” the Justice Department said.

      You lose the argument when you threaten to leak MILLIONS of our children’s private data.

      • greyscale@lemmy.grey.ooo
        21 upvotes, 1 downvote · 16 hours ago

        In a nation where people are desperate to get out of their position being stomped on by the Epstein class, I don’t blame them for trying to get that bag and bounce.

        You lose the argument when the authorities give the same private data to Palantir.

        • Jessica@lemmy.blahaj.zone
          2 upvotes, 8 downvotes · 15 hours ago

          Yeah, we all have to have a red line. Going after children’s data is a net negative. Hackers have all of these terrible companies to extort. No need to bring children into this.

          • greyscale@lemmy.grey.ooo
            8 upvotes · 13 hours ago

            “Barely a year earlier, while still a teenager, he helped launch what’s been described as the biggest cyberattack in U.S. education history”

            He is a child, you fucking moron, and your kind of vitriol just sent him off to get fucked five ways from Friday in the US’s hellish prison system.

            My red line is putting anyone in there while there are worse people dropping bombs on brown children.

            I guarantee if a child can get that data, someone else got it before him anyway and kept their mouth shut.

            Fuck your red line.

            • Jessica@lemmy.blahaj.zone
              2 upvotes, 7 downvotes · 13 hours ago

              I didn’t say that being sent to prison was the desired outcome. But at the very least, there needs to be some amount of accountability involved.

              Also, chill out. Get some bud, and chill out.

                • Jessica@lemmy.blahaj.zone
                  2 upvotes, 6 downvotes · 12 hours ago

                  Thank you for your feedback. You really should take a chill pill. Your activism consists of shouting down anyone who doesn’t pass your purity test. Not a good look.

          • Scubus@sh.itjust.works
            2 upvotes · 10 hours ago

            Ok, then you agree that we should be protecting children’s data? So then something like a bug bounty would’ve been an overall plus here? Kid gets to test his skills, a new vulnerability in the system gets found, and everyone wins.

            The website was vulnerable, if he didn’t do it someone more malicious would’ve. They should’ve offered a bug bounty if they actually cared about the data.

            • Jessica@lemmy.blahaj.zone
              1 upvote, 1 downvote · 4 hours ago

              That would have been a better outcome, but unfortunately that is not what happened. The kid wasn’t on some altruistic journey, he hacked a company whose business is dealing with tens of millions of children’s data. Prison was not the only remedy available, and I don’t relish in the thought of sending a young person there. Could’ve been some deferred action in conjunction with a program that steered the teen back onto a track of help rather than theft.

              if he didn’t do it someone more malicious would’ve.

              Poor argument.

    • deliriousdreams@fedia.io
      4 upvotes, 5 downvotes · 13 hours ago

      Yeah but at the same time they threatened the PII of students. Imagine the damage if they had leaked the SSNs of 80% of school children in the US. That data could ruin lives financially for decades.

      • Tetsuo@jlai.lu
        16 upvotes, 1 downvote · 13 hours ago

        It shouldn’t have such deep consequences…

        Your whole SSN system is absolutely crazy bad and I still can’t believe “security” and SSN should be allowed in the same sentence.

        • deliriousdreams@fedia.io
          11 upvotes · 13 hours ago

          I don’t disagree but the point is he was threatening real harm to millions of school children. He was well aware he was threatening real harm.

        • deliriousdreams@fedia.io
          3 upvotes · 5 hours ago

          A couple of things. I don’t know if you read the article but this is an adult male. I know that it says teenager, but it says that because he was 19 years old when he perpetrated his crime.

          The second thing is that just because I agree that he knowingly broke the law in a way that could result in dire consequences for children, doesn’t mean I agree to ruining his life in return but I am pointing out how we got here, which is that he broke the law and showed himself to pose a threat to children.

          That threat isn’t just about the threat to them financially in the event that someone were to steal their identity. This man threatened to release information on millions of children that could put them at risk to child predators including things like home addresses, family information, and medical information.

          He knew that was wrong and he did it anyway. I’m sure rehabilitation is possible and I wish it were mandatory. The prison system in this country is fucked. But the system being messed up doesn’t absolve him of the harm he threatened.

          The alternative for someone who is addicted is to remove all technology from their homes and work places, throw an ankle monitor on them and force things like mandatory drug tests and check ins.

          The point of the US prison system isn’t to rehabilitate anyone, and the ankle monitor situation (house arrest) also doesn’t really rehabilitate anyone. It also doesn’t prevent him from doing further crimes and given that he claims to have an addiction to hacking and the fact that he himself says he should probably go to prison for what he did, I don’t know what the exact alternative is.

          • commie@lemmy.dbzer0.com
            2 upvotes · 5 hours ago

            in his particular case, he is 19. how long ago did he commit the “crime”? and they talk about multiple other kids being charged. the whole thing is fucked.

              • willington@lemmy.dbzer0.com
                3 upvotes · 4 hours ago

                I am a different person from the one you were bantering with. This is the best quote I’ve found:

                By the fall of 2024, Lane found the source of his next fix: Credentials stolen from a PowerSchool contractor were available online.

                And he’s 20 now, mentioned right at the beginning of the article. So roughly 1.5 years ago? So if my math is right, he could have been 18? We have to count a few months more than just one year back (Apr 2025 would have been exactly one year ago).

                Anyway I upvoted the both of you for the conversation. No hard feelings at all. It’s just not so obvious to me he was 19 at the commission of the crime.

                • deliriousdreams@fedia.io
                  1 upvote · 4 hours ago

                  He is 20 years old now and the crime he was prosecuted for and convicted of was committed when he was 19 according to the first two paragraphs of the article that is linked.

                  On a recent Tuesday morning, as his parents were driving him to the federal prison in Connecticut where he’ll be locked up for the foreseeable future, 20-year-old Matthew Lane sent a text message to ABC News.

                  “It’s extremely sad, and I’m just scared,” he wrote.

                  Barely a year earlier, while still a teenager, he helped launch what’s been described as the biggest cyberattack in U.S. education history – a data breach that concerned authorities so much, it prompted briefings with senior government officials inside the White House Situation Room.

                  People seem to think that I’m advocating for him to suffer the messed up prison system when what I’m actually pointing out is that this is something he knowingly engaged in as a legal adult.

  • Kevlar21@piefed.social
    10 upvotes · 15 hours ago

    We “hacked” PowerSchool back in my day too… when we figured out that every teacher’s password was their initials twice. Some grades got changed but they caught on, rolled back the data and changed their passwords

  • InfiniteGlitch@lemmy.dbzer0.com
    16 upvotes · 18 hours ago

    Honestly, I wish the system would just educate such people in “white hat” hacking (if that’s the correct term?). I mean, I have zero knowledge in hacking, coding and that kind of stuff but he seems really smart.

    What he did is definitely wrong but, he also said himself;

    “I think I need to go to prison for what I did,” Lane told ABC News in an exclusive interview

    “It was disgusting, it was greedy, it was rooted in my own insecurities, it was wrong in every aspect,” he said in the interview, two days before reporting to prison.

    Now I’m also a bit skeptical because, he could also say this only due to him being caught, arrested and now sent to prison.

    Members of Generation Z – who have had digital devices and the Internet in their lives since birth – are particularly vulnerable to the allure of cybercrime because the social media platforms they inhabit can glorify “a criminal lifestyle”

    It is not “can”, it is. Movies, TV shows and a lot of social media posts do glorify crimes.

    Wanted to write more but eh, at work…

  • Ŝan • 𐑖ƨɤ@piefed.zip
    3 upvotes, 5 downvotes · edited 13 hours ago

    <sigh>

    We’re so obsessed with “addiction.” From my teens through young adulthood I was variously “addicted” to

    • D&D
    • Computers
    • Sex, and þe pursuit of sex
    • Reading

    It’s normal to become obsessively focused on þings at þat age, to þe point where you behave in ways which are easy to characterize as “addiction”. Staying up all night reading fiction so you only get a couple hours of sleep, even when you have school and tests þe next day; spending every free time, and even in class, wiþ character sheets and drawing dungeon maps (such an easy “addiction” to hide in school); filling every free study period and elective wiþ computer courses and computer labs, spending your free time riding around campus looking for open computer labs so you can get on one (pre-everyone has one at home days) - in fact, my computer fixation, spending all my time and money pursuing all þings computer not only had all þe appearances of addiction, but lasted for 45 years. Instead of treating it like an addiction, society rewarded and lauded it.

    Kids get obsessive about stuff. Football, games, MMORGs, maþ. Not every fixation is an addiction.

    Edit: I missed an opportunity to claim America is addicted to addiction.

    • SirSamuel@lemmy.world
      3 upvotes · 13 hours ago

      Completely unrelated.

      Do you run a script to automatically convert th to Thor, or is it a key binding to the symbol? Or something else? Just curious.

      Also, yes, addiction and fascination are two different things. I miss when headlines were puns

      • Ŝan • 𐑖ƨɤ@piefed.zip
        2 upvotes · 13 hours ago

        No script. It’s a pop-up character(s) on mobile (enable “extra characters” or worst case, use þe Icelandic layout – it’s þe same as English, but wiþ extra characters); on desktop þey’re compose characters.