The American Archive of Public Broadcasting (AAPB) identified and addressed a significant security concern on its website. For years, the public had access to download private videos and programs that were never intended for public consumption. The information enabling users to obtain these files had been known by some since 2021, yet users continued to utilize the leak.
GBH and the Library of Congress maintain the archive. It's a robust collection of old public TV and radio programs, a significant resource for media enthusiasts. I love that organizations like this save history, but they will obviously need to implement significant security measures.
How The Bug Functioned
This vulnerability, known as an IDOR (insecure direct object reference) flaw, meant that anyone who simply changed the numbers in a video link could access shows that had been restricted from viewing. Instead of blocking the access, the website merely returned the video file link. To make things easier, several people wrote up the instructions on Discord for others to use. This is how restricted Sesame Street or public programming appeared online.
The famous Sesame Street leak
Remember the "lost" episode of Sesame Street, featuring the Wicked Witch of the West? Many Sesame Street fans speculated about how the episode had leaked, and now it seems that the bug may have been the cause of the "leak." In fact, several organizations posted on social media that they had received the episode, and later removed it out of concern that it was likely pulled through the same error.
How AAPB Fixed This
As soon as AAPB was alerted to this issue, the team fixed the problem in less than 48 hours. That's a quick turnaround! They also indicated their goal to secure the information in the archive's holdings.
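Here is a small added example (not AAPB's code and not from the original post) of the flaw described under How The Bug Functioned, next to the kind of server-side permission check that closes it. The record fields, access levels, URLs and function names are all made up for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MediaRecord:
    media_id: int
    access: str       # hypothetical levels: "public", "restricted", ...
    file_url: str

@dataclass(frozen=True)
class User:
    name: str
    can_view_restricted: bool = False

ANONYMOUS = User("anonymous")

# Constructed sample catalogue; media.example is a placeholder host.
CATALOG = {
    101: MediaRecord(101, "public", "https://media.example/101.mp4"),
    102: MediaRecord(102, "restricted", "https://media.example/102.mp4"),
    103: MediaRecord(103, "under-review", "https://media.example/103.mp4"),
}

def media_url_vulnerable(media_id):
    """Flawed pattern: any ID that exists gets its file link back."""
    record = CATALOG.get(media_id)
    return (200, record.file_url) if record else (404, None)

def media_url_hardened(media_id, user=ANONYMOUS):
    """Check the caller's permission on the record before returning the link."""
    record = CATALOG.get(media_id)
    if record is None:
        return (404, None)
    # Deny by default: anything not explicitly "public" needs permission.
    # Answer 404 either way so responses do not reveal which IDs are restricted.
    if record.access != "public" and not user.can_view_restricted:
        return (404, None)
    return (200, record.file_url)

def audit_exposed_ids(lookup, ids):
    """Regression check: non-public IDs that a lookup serves to an anonymous caller."""
    return [i for i in ids
            if i in CATALOG and CATALOG[i].access != "public" and lookup(i)[0] == 200]

if __name__ == "__main__":
    print("vulnerable exposes:", audit_exposed_ids(media_url_vulnerable, CATALOG))
    print("hardened exposes:  ", audit_exposed_ids(media_url_hardened, CATALOG))
```

Running the audit function against every ID in the catalogue after each deployment is a cheap way to catch this kind of regression before the public does.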
Why It Matters
Here's why this is a story worth covering:
• Fan groups love to preserve rare media, but sometimes they go too far and rare material ends up pirated.
• Instances like this highlight that digital archives can be sensitive.
• While nothing was hacked and no malware was developed, it still exposed personal material.
Final Thoughts
To put it simply: there was a bug in AAPB’s website that let people access restricted shows for years before it was fixed (it is now). The bug has been resolved, but I don't think the world knows how much content was accessed.
And I'm glad that's the case, but it makes me wonder - what other archival repositories have hidden vulnerabilities? If we care about history, shouldn't we care about its safety too?