2 min read

Cybersecurity Researchers Discover 5 e-learning Websites Leaking Nearly 1 Million User Records

Alina BÎZGĂ

July 21, 2020

Cybersecurity Researchers Discover 5 e-learning Websites Leaking Nearly 1 Million User Records

WizCase researchers have stumbled upon five leaky e-learning websites that exposed the personal information of nearly 1 million users, including minors. Each exposed database was housed on misconfigured and unsecured servers, allowing unauthorized access to sensitive information.

Cybersecurity researchers noted that the platforms were predominantly used by underage people, and the exposed data included full names, email addresses, ID numbers, phone numbers, home addresses and date of birth and school or course information.

Escola Digital, a Brazilian website offering a wide range of digital courses for both students and teachers was found leaking the personal records of nearly 75,000 active users between 2016 and 2017. On top of personal identifiable information, the misconfigured bucket included links to certificates of users who attended the platform”s online classes.

MyTopDog, a South African children-oriented study platform providing practice tests and interactive games, exposed over 800,000 student records, courtesy of a misconfigured Amazon S3 bucket. Within a 50MB database, researchers discovered various types of data:

• An Excel file containing 50,000 entries of PII of users registered in 2016-2017
• A CSV file with 800,000 user entries with full names, cellphone numbers, date of birth, gender and guarding contact information
• PDF file that seemed to be part of business agreement between the e-learning platform and a local school

Okoo, an online learning platform for children in Kazakhstan, exposed 7,200 user records that included PII and nearly 1 million entries regarding user activity on the platform and analytics. The misconfigured 418 MB database revealed PII such as full names, clear-text passwords, email addresses, completed courses, and quiz scores of students. Additionally, researchers found an entry that appeared to include admin credentials.

“However, those weren”t tested for ethical reasons,” the team of investigators said. “This poses multiple threats to the site and its users as attackers could use administrative login details to manipulate Okoo content and easily access extensive user data.”

Square Panda, a US-based virtual platform that helps children learn how to read and write, exposed the information of nearly 15,000 users. A MB CVS file stored a backup users” personal data, including full names, email addresses, phone numbers, and account type (parent or teacher).

Playground Sessions, a virtual piano lesson platform in the United States, revealed the private information of around 4,100 users registered between 2011 and 2013. Besides full names, usernames, emails and hashed passwords, the leak included app scores, lessons and practice records.

Researchers warn that the risks for parents, students and teachers to fall victim to identity theft or fraud are high.

“As many users whose data was leaked aren”t active on the sites anymore, they”re less likely to realize these companies still have their information,” the investigators said. “However, it”s still possible that their data can be used to aid in various types of online crimes. These dangers are even bigger since many of the users affected by the leaks are children and young people.”

Check if your personal info has been stolen or made public on the internet, with Bitdefender”s Digital Identity Protection tool.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Epik Data Breach Affects 15 Million Customer and Non-Costumers. Are You a Victim? Epik Data Breach Affects 15 Million Customer and Non-Costumers. Are You a Victim?
Alina BÎZGĂ

September 22, 2021

2 min read
To Call or Not To Call: Identity Thieves Prey On Credit Union Members Account Data and Money in Ongoing Spam Campaign To Call or Not To Call: Identity Thieves Prey On Credit Union Members Account Data and Money in Ongoing Spam Campaign
Alina BÎZGĂ

September 21, 2021

3 min read
The difference between a VPN and Incognito Mode. How do they protect your privacy? The difference between a VPN and Incognito Mode. How do they protect your privacy?
Cristina POPOV

September 20, 2021

2 min read