This more or less happened to my friend circa ~2000s. They were technically amazing for our age. When the school “database” was deleted they and a friend were suspended for an entire month, almost expelled.
Turns out they had warned their teacher that the files were in a public shared folder and anyone could just literally delete them. No backups, these were grades, assignments, etc for dozens of teachers over many years. They were severely punished for trying to disclose a vulnerability essentially and blamed for the whole thing.
If you were in highschool at the time, really the only ethical thing to do for someone in your position is to delete all the files and shine a light on their bad security practices, but don’t say anything about it to anyone. It’s that last bit that always gets you in trouble. Absolute candor is something adults almost never want to hear from children.
My teacher one year gave me an F because he didn’t bother to grade anything in a timely fashion, also didn’t store (or organize) any student assignments that had been handed in, and when the end of the year came made me go digging through a giant stack of everyone’s assignments to find mine to prove I deserved a reasonable grade AFTER I had already been sent home with an F. I eventually got the grade I deserved, but I shouldn’t have had to fight for it like that. Apparently this was a common routine for this teacher, but lots of students didn’t bother to fight it. It didn’t get fixed until that cabinet was physically emptied and I handed all the assignments back to their authors.
I am thinking of the teachers. And I think OPs situation is remarkably similar. But kids, being kids, will not be heard by adults when they shout warnings, like “Why haven’t you graded and returned any of my assignments yet this term?” or “This valuable/dangerous thing should be secured, who responsibility is that?” It may not be moral advice, but like the song says, sometimes you have to be cruel to be kind.
This more or less happened to my friend circa ~2000s. They were technically amazing for our age. When the school “database” was deleted they and a friend were suspended for an entire month, almost expelled.
Turns out they had warned their teacher that the files were in a public shared folder and anyone could just literally delete them. No backups, these were grades, assignments, etc for dozens of teachers over many years. They were severely punished for trying to disclose a vulnerability essentially and blamed for the whole thing.
Never report vulnerabilities yourself to an organization, always use a neutral, trusted third party to report it.
which organization would you use in this situation?
If you were in highschool at the time, really the only ethical thing to do for someone in your position is to delete all the files and shine a light on their bad security practices, but don’t say anything about it to anyone. It’s that last bit that always gets you in trouble. Absolute candor is something adults almost never want to hear from children.
genuinely think of the teachers
My teacher one year gave me an F because he didn’t bother to grade anything in a timely fashion, also didn’t store (or organize) any student assignments that had been handed in, and when the end of the year came made me go digging through a giant stack of everyone’s assignments to find mine to prove I deserved a reasonable grade AFTER I had already been sent home with an F. I eventually got the grade I deserved, but I shouldn’t have had to fight for it like that. Apparently this was a common routine for this teacher, but lots of students didn’t bother to fight it. It didn’t get fixed until that cabinet was physically emptied and I handed all the assignments back to their authors.
I am thinking of the teachers. And I think OPs situation is remarkably similar. But kids, being kids, will not be heard by adults when they shout warnings, like “Why haven’t you graded and returned any of my assignments yet this term?” or “This valuable/dangerous thing should be secured, who responsibility is that?” It may not be moral advice, but like the song says, sometimes you have to be cruel to be kind.