Reports of the recent Edmodo data breach inform us that around 77 million unique user account details were stolen from the popular education platform.
This online platform is widely used throughout U.S. and Canadian schools to support learning by allowing students, teachers and parents to access learning plans and homework. Media outlet Motherboard reported that nearly 77 million users account details were for sale on the dark web.
What details were hacked?
This is a classic case of hackers gaining information with the view to exploit it on the dark web for a hefty profit. The stolen data included:
- Usernames
- Email addresses
- Hashed passwords
The dark web – a platform for cyber criminals
The dark web is essentially an online selling platform for hackers to sell private and confidential information that criminals can use to either extort money or gain access to further private information.
Edmodo has acknowledged the breach and said:
“Edmodo was recently alerted that somebody may have stolen Edmodo usernames, email addresses and hashed passwords. We immediately started investigating how this incident might have occurred, and we engaged the services of outside cyber-security experts and reported the incident to law enforcement.”
The company reinforced the fact that their passwords are “hashed” making them harder to decrypt, but despite assurances there is a medium risk that hackers can gain access.
Motherboard reported they had found evidence on the dark web that information from the Edmodo data breach was being illegally sold. They found one anonymous user selling access to the database for just short of £900.
Failing their users
Edmodo have arguably failed to protect their users’ data protection rights, and it’s even more worrying that many of the users are children.
Although Edmodo say they used “hashed” passwords, hackers still managed to gain access to a wealth of personal information. This case is still ongoing and is currently being investigated by law enforcement agencies.