“The Social Security numbers and test scores of 619 students at public schools in Catawba County, N.C., were available online via Google’s search engine until Friday, when the company complied with a local court order to delete all information about that county’s board of education from its servers.
According to sources, a student may have stored a username/password in a link in the form of a GET url that included a nonexpiring sessionid. The school apparently was unaware that a GET statement worked the same on their software as a POST. ”
I read a Daily WTF about this once, I laughed then, not so funny for the web programmer who did the schools application 🙁