Scripps National Spelling Bee Website Hacked, Emails Exposed

Image for article titled Someone Hacked the Spelling Bee

Photo: Katherine Frey/The Washington Post (Getty Images)

Proving that nothing is sacred, an asshole recently hacked into the National Spelling Bee’s website and stole personal information from users of the site.

Gizmodo first noticed that the bee was hackeded in a mandatory data breach deposit submitted in February to the California Attorney General’s office. According to the advisory, a digital intruder used a previously unknown vulnerability to break into spelling.com on January 12, taking the opportunity to steal user login credentials, both usernames and passwords. The site is largely a resource portal for applicants’ parents, sponsors and teachers.

In an email to Gizmodo, Michael Perry, Senior Director for external communications at Scripps, revealed that tens of thousands of user email addresses were exposed as a result of the hack: “According to public records, approximately 54,800 email addresses were vulnerable. An unknown number of them were elderly and/or inactive,” he said. It was not immediately clear if the email addresses had been used as usernames or if they were stored separately from the stolen login credentials.

After learning of the incident, Scripps hired a digital forensics firm to investigate and also contacted law enforcement. The website was also quickly patched. “We took prompt and appropriate action, including disabling passwords. We have notified all affected users,” Perry said.

Scripps has asked users to change their passwords, especially those related to the site which may also have been used for other personal accounts. The Bee had been offering online registrations through its website since 2008, The Wayback Machine shows.

According to Perry, few people contacted the bee to be concerned about the incident. “The company received a handful of calls or emails after users were notified [of the hack]. We responded to each and no further concerns were raised,” he told Gizmodo.

The Scripps National Spelling Bee is the most well-known competition of its kind in the country, bringing together a group of children from across the United States each year for a friendly locution competition. Last year, Zaila Vanguard make history as the first black American contestant to win by spelling the word “Murraya”, a kind of citrus fruit.

The American spelling bee hack really does seem like a moral low point of sorts in the digital age. Of course, cybercriminals have shown complete lack of scruples when it comes to harassing and stealing schools, churches, hospitals, undertakers, Nonprofit and charities

… But what the hell, the spelling bee? Ditch that damn spelling bee! More than anything, it’s just more proof that hackers will pretty much hack nothing. If there is an open door or window, someone will climb through it.

Sherry J. Basler