A hacker has broken into Edmondo, a site dedicated to teaching, and the sensitive data of teachers, students and parents are for sale on the dark web
Edmodo, for those who don't know it, is a platform that allows students (of elementary school), parents and teachers to register and collaborate with each other. The attack suffered, apparently last month, stole sensitive data such as usernames, emails and hashed (i.e. encrypted) passwords.
We're talking about a platform that hosts, according to data provided by Edmodo, over 78 million members. The notification of the breach was made known by the LeakBase service that provided Motherboard site with a sample of more than two million data and stated that the data would be already for sale in the so-called dark web to the highest bidder. Edmodo had, fortunately, a system for encrypting passwords using a defense technique known as password hashing. The hacker does not have any clear passwords, but only a list of random characters that is practically unusable.
Data for sale on the dark web
The hacker, thanks to this precaution taken by Edmodo, will have a hard time getting the actual login credentials of the users. A vendor, one nclay, is currently selling Edmodo's stolen data haul on the Hansa marketplace on the dark web for just over $1,000. Nclay claims to be in possession of about 77 million accounts and, according to LeakBase, about 40 million include an email address. Edmodo, meanwhile, released a statement to the website Motherboard. Mollie Carter - VP Marketing and Communications at Edmodo - explained that "Edmodo has learned of a potential security incident" and that "protecting the privacy of users is of the utmost importance to Edmodo. We are taking this report very seriously and are investigating."