Hacker Steals Millions Of User Account Details From Education Platform Edmodo

A hacker has stolen millions of user account details from popular education platform Edmodo, and the data is apparently for sale on the so-called dark

Google Vows Privacy Changes in Chrome Browser After User Backlash
Google Awards Record $112,500 Bounty for Android Exploit Chain
The NSA's foreign surveillance: 5 things to know

A hacker has stolen millions of user account details from popular education platform Edmodo, and the data is apparently for sale on the so-called dark web.

Teachers, students and parents use Edmodo to work on lesson plans, assign homework, and more. The organization claims to have over 78 million members.

“Thanks to those who guided and supported us in the beginning, we’re now the number one K-12 social learning network in the world, dedicated to connecting all learners with the people and resources they need to reach their full potential,” Edmodo’s website reads.

For-profit breach notification site LeakBase provided Motherboard with a sample of over two million user records for verification purposes. The data includes usernames, email addresses, and hashed passwords.

The passwords have apparently been hashed with the robust bcrypt algorithm, and a string of random characters known as a salt, meaning hackers will have a much harder time obtaining user’s actual login credentials. Not all of the records include a user email address.

Motherboard verified the data by attempting to create new Edmodo accounts with a large, random selection of emails included in the data. With every tested email this was not possible, because the address was already linked to an Edmodo account.

One Edmodo user reached by Motherboard also confirmed they used the service, and said she signed up five to six years ago.

The dark web listing of the stolen Edmodo data. Image: Screenshot

A vendor going under the name of nclay is currently listing the Edmodo data on the dark web marketplace Hansa for just over $1,000. In all, nclay claims to have 77 million accounts, and according to LeakBase, around 40 million include an email address. (Motherboard has not seen the full alleged database).

The accounts were stolen last month according to nclay’s dark web listing. The vendor did not respond to a request for clarification.

“Protecting the privacy and security of our users has always been critical to Edmodo,” the company’s VP of Marketing and Communications Mollie Carter told Motherboard in an email.

The company is investigating the data breach.

Go to Source

COMMENTS