
Insecure Direct Object Reference Exploit in American Archive of Public Broadcasting

1 unique source, 1 article

Summary

A vulnerability in the American Archive of Public Broadcasting's website allowed unauthorized access and downloading of protected and private media files since at least 2021. The flaw, an insecure direct object reference (IDOR) bug, was exploited to bypass access controls and retrieve restricted content. The issue was fixed in September 2025. The American Archive of Public Broadcasting (AAPB) is a collaborative project between the Library of Congress and WGBH Educational Foundation. The vulnerability was first reported by an anonymous cybersecurity researcher and was exploited by data hoarder communities, leading to the unauthorized sharing of media on platforms like Discord. The exploit was facilitated through a simple Tampermonkey script that manipulated media access requests, bypassing the archive's access controls.

Timeline

  1. 22.09.2025 23:25 · 1 article

    IDOR vulnerability in American Archive of Public Broadcasting exploited since 2021

    A vulnerability in the American Archive of Public Broadcasting's website allowed unauthorized access and downloading of protected and private media files since at least 2021. The flaw, an insecure direct object reference (IDOR) bug, was exploited to bypass access controls and retrieve restricted content. The issue was fixed in September 2025. The exploit was facilitated through a simple Tampermonkey script that manipulated media access requests, bypassing the archive's access controls. The vulnerability was first reported by an anonymous cybersecurity researcher and was exploited by data hoarder communities, leading to the unauthorized sharing of media on platforms like Discord.


Information Snippets