Proving that nothing is sacred, some asshole recently hacked the website for the National Spelling Bee and stole personal information from the site’s users.
Gizmodo first spotted that the Bee had been hacked in a mandatory data breach filing submitted in February to the California Attorney General’s Office. According to the notice, a digital intruder used a previously unknown vulnerability to break into spellingbee.com on Jan. 12, taking the opportunity to steal users’ login credentials—both usernames and passwords. The site is largely a resource portal for contestants’ parents, sponsors, and teachers.
In an email to Gizmodo, Michael Perry, senior director for external communications at Scripps, revealed that tens of thousands of users’ email addresses had been exposed as a result of the hack: “According to public filings, roughly 54,800 email addresses were vulnerable. An undetermined number of those were old and/or inactive,” he said. It wasn’t immediately clear if the email addresses had been used as usernames, or whether they were stored separately from the stolen login credentials.
After learning of the incident, Scripps hired a digital forensics firm to investigate and also contacted law enforcement. The website was also quickly patched. “We took swift and appropriate action, including disabling passwords. We notified all affected users,” Perry said.
Scripps has instructed users to change their passwords—especially those linked to the site that may have also been used for other personal accounts. The Bee offered online sign-ups via its website since as far back as 2008, The Wayback Machine shows.
Not many have reached out to the Bee with concerns about the incident, according to Perry. “The company received a handful of calls or emails after users were notified [of the hack]. We responded to each, and there were no further concerns expressed,” he told Gizmodo.
The Scripps National Spelling Bee is the most well-known contest of its kind in the country, annually bringing together a cadre of children from throughout the U.S. for a friendly competition in locution. Last year, Zaila Avant-garde made history as the first Black American contestant to win by spelling the word “Murraya,” a genus of citrus plants.
Hacking America’s spelling bee really seems like a kind of moral low point for the digital age. Sure, cybercriminals have exhibited an utter lack of scruples when it comes to harassing and stealing from schools, churches, hospitals, funeral homes, non-profits and charities...
...But dear God, the spelling bee? Leave the goddamn spelling bee alone! More than anything it’s just further proof that hackers will hack pretty much anything. If there’s an open door or window, someone is going to climb through it.