Students voting off campus who logged on to ETSU’s home page early Tuesday morning to vote in the SGA elections had no idea that they were potentially putting their personal information at risk.
The link provided on ETSU’s home page lacked the proper security syntax that would have encrypted student Goldlink IDs and passwords. Instead, sensitive information was sent across the Internet in plain text.
“Losing your z-account is one thing – but losing your Goldlink ID is another ... that is everything,” said computer science student Gabe Ghearing, who heard about the security problem Tuesday afternoon. Ghearing immediately notified the ETSU Web manager.
“Just log in to Goldlink and see what is there – it would be a gold mine for identity theft, you could access addresses, phone numbers and financial aid information,” Ghearing said.
The protocol for a secure login should be “https” instead of “http.” The “https” protocol provides an extra layer of encryption for the data being sent, but it was not the one used for students voting early Tuesday.
“When they tested the vote they used non-encryption and unfortunately it was accidentally posted as the real vote,” said Mark Bragg, chief information officer for OIT.
Bragg maintains that the actual risk of information getting into the wrong hands was extremely low. “It was very unlikely that anyone was sniffing the network at that time.”
“It was fixed as soon as it was brought to our attention,” noted Dr. Sally Lee, associate vice president for student affairs.
“No one has any reason to be alarmed or be discouraged from voting,” said Bragg, adding that this vote and future ETSU votes will be secure.
The error was limited to login privacy for those voting off campus. According to OIT there was no possibility that it affected election results.