【18 U.S.C 2257】

Teenager Bill Demirkapi had been ghosted. Hard. "It didn’t feel good8 U.S.C 2257" he explained to the large crowd gathered to hear him speak. "It hurt my feelings.”

But Demirkapi, despite his status as a recent high-school graduate, wasn't lamenting the traditional spurned-love problems typical of his cohort. Far from it. Instead, he was speaking at the famous DEF CON hacker conference in Las Vegas, and the ghoster-in-question was educational software maker Blackboard.

Demirkapi had reported numerous vulnerabilities in Blackboard's software to the company; after initially being in communication with him, the company stopped responding to his emails. But Demirkapi, who found he could access a host of student data — including family military status, weighted GPAs, and special education status — through vulnerabilities in Blackboard's system, was undeterred.

In fact, he was just getting started. And Blackboard wasn't his only target.

Original image has been replaced. Credit: Mashable

Over the course of his high school career, Demirkapi — a budding security researcher — also investigated K-through-12 software maker Follett. In doing so, he determined the company left millions of student and teacher records exposed to anyone who bothered to look.

Specifically, he explained, there were more than 5 million student and teacher records in the system that covered over 5,000 schools. Left exposed were students' immunization history, attendance data, school photos, birthdays, and more.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

"It was my data too in there," he told the audience of decidedly not teenage hackers. "This was pretty crazy stuff."

He tried to do the right thing and notified both his high school and the software manufacturers of his discoveries. Using a flaw in the system to alert students and teachers to its vulnerabilities, however, earned him a two-day suspension.

"Two days off of school," he said of the punishment. "I think it’s a pretty big win-win."

SEE ALSO: Remotely hacking elevator phones shouldn't be this easy

Eventually, Follett and Blackboard did listen — and many of the vulnerabilities he reported were patched at the end of July.

"Blackboard is always working hard to improve both the security of our products as well as the process and procedures we leverage in support of security," read a statement the company provided Demirkapi and he shared with DEF CON.

Asked by a member of the crowd what he's going to do next, Demirkapi gave an answer that elicited raucous applause from the hacker crowd: "Start college, maybe break their software."

Never give up on your dreams, Bill. The privacy of millions of students and teachers is counting on it.

---

Featured Video For You

---

From ATMs to printers, hackers prove you can play 'Doom' on anything

---

Topics Cybersecurity

• Science
• Entertainment
• Social Good
• Tech
• Digital Culture
• Life
• Shopping
• Deals

• Dyson V8 Plus cordless vacuum: $120 off at Amazon
• UEFA Nations League livestream: How to watch Nations League for free
• The State of Mining: Guide to Ethereum
• Best streaming deal: Save 15% on the Google Streamer
• Today's Hurdle hints and answers for May 12, 2025
• Ultra clear Liquid Glass look for the iPhone is wild. Here's how to get it
• How to unblock Pornhub for free
• NYT Strands hints, answers for June 8
• The internet is talking like Kevin from 'The Office' now
• Have tariffs come for Home Depot's viral 12

• Are We Reaching GPU Normalcy? The Answer is (Almost) Yes
• Interview: What is it Like to Develop a Game in VR?
• How to Change Your Monitor's Refresh Rate in Windows
• 10 Tips to Get You Started with Microsoft PC Game Pass
• U.K. couple steals back stolen car after tracking it down with Apple AirTag
• Best fitness deal: The Merach R50 rowing machine is 35% off at Amazon
• The Analog Embrace: How Some Experiences Are Surviving the Digital Age
• Today's Hurdle hints and answers for June 17, 2025
• Cloud Storage Basics: Google Drive, Dropbox, OneDrive, and More Compared
• Bluetti Solar Generator (AC70): $270 off at Amazon

• Apple iPhone 17 Pro leaks highlight major new design change
• Best Bluetooth speaker deal: $99 Beats Pill at Amazon
• Best headphones deal: Save $100 on Beats Solo 4
• 7 Samsung Galaxy S25 settings you should change ASAP
• A Typical Wall Street Republican
• Apple iPad Pencil 2nd Gen deal: Only $19.99 at Woot!
• The State of Mining: Guide to Ethereum
• Thunder vs. Pacers 2025 livestream: Watch Game 2 of NBA Finals for free
• Alienware M16 Gaming Laptop deal: Save $560
• One of the best Nintendo Switch 2 launch games is just $15

• The Best Gaming Concept Art of 2016
• Alcaraz vs. Sinner 2025 livestream: Watch French Open final for free
• Today's Hurdle hints and answers for June 9, 2025
• How to unblock Pornhub for free in Florida
• 'Thunderbolts*' mid
• Three Apps to Combine All Your Messaging Clients Into One
• Three Apps to Combine All Your Messaging Clients Into One
• The Best Video Game Gamepad Controllers
• NYT Connections Sports Edition hints and answers for May 18: Tips to solve Connections #237
• Apple WWDC 2025: iOS 26 confirmed