Whether done maliciously or by blatant mistake, sensitive data such as social security numbers and addresses should never be stored unencrypted in HTML source code online. When designing a website for your business, it is wise to research and invest in programmers and developers who take your data seriously. You want a team who is experienced and is as passionate about keeping your personal data secure as you are.
For years, most major web browsers have contained a “view source” function. This function has allowed developers to access the HTML source code located “behind-the-scenes” of public websites. But what is stored in the HTML source code and how accessible is it really?
The source code contains the coding behind the website. In layman’s terms, it specifies the actions to be performed by the website and makes it easy for developers or programmers to make modifications down the road. However, this HTML source code is not difficult to uncover. With a simple press of F12, all of the information the programmer has made public within the code is available to anyone interested. No passwords required. This is why it is imperative to never store sensitive data inside the code.
What could happen when data a company believes to be secure is accidentally (or maliciously) stored inside the code? It becomes accessible to the general public and could put you at serious risk.
Recently in Missouri, a professor discovered a major security flaw present on a publicly accessed website. The website allowed visitors to look up credentials of Missouri state teachers by school assignments, last names and/or the last four digits of their social security numbers – or so the teachers believed.
What they didn’t realize is that someone had stored their FULL social security numbers inside the HTML source code on the website. This sensitive information was being sent to every visitor on the website, whether they realized it or not. In cases like the one in Missouri, the professor wanted to make the public (and teachers) aware that their data was being put at risk.
But what could happen when a hacker or someone with ill-intentions stumbled across the same information? Identity thieves commonly use your social security number to obtain access to your bank accounts, medical records, and other information that can cause you and your family significant harm.
A mistake like this is all too easy to make, and it can be costly for everyone involved.
Don’t wait until your data is compromised. Schedule a consultation with one of our developers here at Triple Helix Corporation and see how we can help you implement protective measures to keep your sensitive personal information and business data secure.
