A hacker stole 77 million Edmodo user accounts, including email addresses, usernames, and hashed passwords, according to the ed tech publication EdSurge.
Motherboard, a tech and science publication owned by Vice, reported that the hacker put the data up for sale on a “dark web” marketplace called Hansa for some $1,000.
It’s unclear whether or to what extent the attack was related to the global cyberattack in early May that has since affected 200,000 computers in 150 countries, CNN reported Monday. It targeted Microsoft Windows users, deploying “ransomware” that locks down all files and extorts money in exchange for release of the files. Victims included FedEx and Nissan.
The San Mateo, California–based Edmodo was founded in 2008 and is primarily a social network for teachers to connect and share lesson plans with their counterparts across the country or around the world. It also functions as a homework and grade-tracking system to help parents stay engaged in their children’s school lives.
I wrote about the company for The 74 in July 2015 and created a user account so I could try it out. I received an email from Edmodo early Wednesday morning alerting me to the breach and recommending that I update my password. The company said it promptly hired security experts to investigate and reported the incident to authorities. But the email appears to be the first official communication from the company to its users since the attack was publicly reported a week ago.
“Protecting the privacy of our users is of the utmost importance to Edmodo,” said Mollie Carter, the company’s vice president of marketing and adoption. “We take this report very seriously, and we are investigating. We have no indication at this time that any user passwords have been compromised, and we want to let everyone know that we are working with law enforcement. We have no other confirmed information to share right now.”
Edmodo officials did not immediately respond to a request for further comment.
The incident is the second large-scale data breach of an education technology company reported this year, according to EdSurge. In April, a security researcher found that Schoolzilla, which offers data warehousing services and tools to school districts, had been backing up personally identifiable student data to a publicly accessible location because of a flaw in its configuration settings. Some 1.3 million students may have been exposed.