14 DAY TRIAL // Education platform Edmodo has been hit by a hacker who stole millions of records about users, including usernames, email addresses, and hashed passwords.
According to Motherboard, all the details on the students using this platform are currently on sale on the dark web. Edmodo isn't used by kids alone, but also teachers and parents who work together on lesson plans, assign homework and so on. There are about 78 million members, the company says.
The bad part is that the data trove that's being sold on the dark web contains a proclaimed 77 million records, which means pretty much everyone is affected by this incident. LeakBase, a for-profit breach notification site says that out of those 77 million records, about 40 million include an email address.
The site provided Motherboard with a sample containing over two million user records, some of which were then tested to see if they were really Edmodo users. All of them checked out.
At least passwords are protected
As mentioned before, the data trove includes email addresses, usernames, and hashed passwords. Thankfully, those passwords have been hashed with the bcrypt algorithm, as well as a string of random characters. That means hackers are going to have a hard time obtaining the passwords in plain text, if they ever will.
Better said, however, those who buy the info package are the ones that will have a hard time because the trove of data is being sold by a vendor going by the name of nclay for just over $1,000. Taking into consideration how many users were affected, this seems to be quite a low price.
"Edmodo has learned about a potential security incident. Protecting the privacy of our users is of the utmost importance to Edmodo. We take this report very seriously and we are investigating," said the company's Mollie Carter, VP of Marketing and Communications.