Edmodo Hacked: 77 Million Accounts Of Students, Teachers, Parents Stolen From Education Social Network
Online education platform Edmodo confirmed Wednesday it was hacked and personal information from 77 million users — students, parents and teachers — was accessed.
In a letter sent to affected users, Edmodo confirmed that user names, email addresses and hashed passwords were acquired by the hacker from the “No. 1 K-12 social learning network in the world.”
That data reportedly was for sale on the dark web, and a large portion was made available by for-profit database breach tracker LeakBase.
Read: DocuSign Hacked: Customer Email Addresses Accessed, Used To Send Malware
The passwords were hashed — a function that converts standard passwords into strings of random characters — using an encryption algorithm known as bcrypt. The passwords were also salted, which adds additional random data to a hash to make it harder to decipher.
Because of these encryption protections, Edmodo said it believes none of the stolen passwords have been compromised. However, it is advising users to change their passwords as soon as possible.
Because many people have a tendency to use the same password for multiple accounts, prior leaks can often reveal full or partial passwords that can be used to log in to another account belonging to the same user. Even if the Edmodo passwords are secure, user accounts are still at risk.
“Safeguarding trust and security of our users is of the utmost importance to Edmodo,” the company said in an email to users. “We promptly retained leading information security experts to investigate this incident and reported the incident to law enforcement.”
While emails have been sent out to users, Edmodo is yet to make any mention of the significant database breach elsewhere. There is no mention of the security lapse on any of the company’s social media presences, including Facebook and Twitter nor a post on the company’s blog to inform users they may be at risk.
Read: VTech Takes Learning Lodge Website Offline After Hack Reveals Details Of Over 200,000 Children
The breach of Edmodo’s servers reportedly took place last month when a hacker was able to gain access to the company’s database and steal information from a large chunk of the education network’s users, which includes K-12 students, parents and educators.
A report from Motherboard last week spotted a listing for the stolen Edmodo accounts on the dark web where the user data was on sale for just over $1,000. The listing claimed to contain 77 million accounts. LeakBase has listed just under 70 million and reported about 40 million include an email address.
Database breaches are incredibly common now but the Edmodo breach is the latest of a particularly concerned subset of breaches in which the information of children has been compromised.
In 2015, internet-connected toy manufacturer VTech came under fire after the company’s Learning Lodge site, an online portal where customers could create accounts to download educational games and apps, was hacked.
The VTech breach led to nearly 5 million user accounts being compromised, including more than 200,000 accounts created for children. Those accounts contained information such as real names, email addresses, passwords and home addresses.
© Copyright IBTimes 2024. All rights reserved.