
Insecure Direct Object Reference in American Archive of Public Broadcasting

📰 1 unique source, 1 article

Summary


The American Archive of Public Broadcasting (AAPB) website contained an insecure direct object reference (IDOR) flaw that allowed unauthorized access to protected and private media files. The vulnerability had been exploited since at least 2021 and was quietly patched in September 2025. The flaw was first reported by an anonymous researcher and later confirmed by AAPB. The bug let users bypass access controls by manipulating media IDs in requests, enabling unauthorized downloads of restricted content. The exploit circulated among data hoarder communities on Discord, leading to the unauthorized sharing of protected media, including a leaked episode of Sesame Street. The AAPB is a public nonprofit archive operated by WGBH Educational Foundation and the Library of Congress, dedicated to preserving historically significant public media content in the United States.

Timeline

  1. 22.09.2025 23:25 📰 1 article · ⏱ 9h ago

    IDOR flaw in AAPB website exploited since 2021, patched in September 2025

    A vulnerability in the American Archive of Public Broadcasting's website had allowed unauthorized access to protected and private media files since at least 2021. The flaw was quietly patched in September 2025. The exploit involved manipulating media IDs in requests to bypass access controls, enabling unauthorized downloads of restricted content. It circulated among data hoarder communities on Discord, leading to the unauthorized sharing of protected media, including a leaked episode of Sesame Street.


Information Snippets