Comment by glenjamin

Comment by glenjamin 2 days ago

6 replies

There's a couple of passing mentions of Download Monitor, but also the timeline strongly implies that a specific source was simply guessing the URL of the PDF long before it was uploaded.

I'm not clear from the doc which of these scenarios is what they're calling the "leak".

shawabawa3 2 days ago

> but also the timeline strongly implies that a specific source was simply guessing the URL of the PDF long before it was uploaded

A bunch of people were scraping commonly used URLs based on previous OBR reports, in order to report as soon as it was live, as is common with all things of this kind.

The mistake was that the URL should have been obfuscated, and only changed to the "clear" URL at publish time, but a plugin was bypassing that and aliasing the "clear" URL to the obfuscated one.

  • physicsguy 2 days ago

    > in order to report as soon as it was live

    We don't actually know that, it's just that the report did hit Reuters pretty swiftly.

longwave 2 days ago

It sounds like a combination of the Download Monitor plugin plus a misconfiguration at the web server level resulted in the file being publicly accessible at that URL when the developers thought it would remain private until deliberately published.