Renowned education platform leaks personal data of 100,000 students online


December 20, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Renowned education platform leaks personal data of 100,000 students online

Researchers at vpnMentor have discovered a data leak affecting over 100,000 students of the world-renowned education platform McGraw Hill.

The data breach stemmed from two unsecured Amazon Web Services (AWS) S3 buckets belonging to the online education platform that were found leaking over 22 TB of data and over 117 million files.

The buckets included “one production bucket with more than 47 million files and 12TB+ of data, as well as one non-production bucket with more than 69 million files and 10TB+ of data,” according to the researchers who discovered them. “In total, the buckets contained more than 22 TB of data and over 117 million files.”

The researchers uncovered the leaky databases on June 12, and reported that the exposed information includes:

  • Excel sheets listing student names, email addresses and grades
  • Files showing students’ completed assignments, grades and performance reports
  • Files showing syllabi from teachers
  • Reading material for courses
  • Private digital keys and source code from the company

The report also warns that, although no malicious access to the unsecured buckets was detected, “the exposed data would have been enough for skilled hackers to commit many of the most common forms of fraud or online attack against the students exposed.”

This includes identity theft, doxing, targeted phishing attacks and harassment. In the case of phishing, threat actors could have leveraged the exposed data to trick students into giving out additional PII and financial information or downloading malicious software onto their devices.

An analysis of a small batch of student records also allowed investigators to find the social media profiles of students, which means that anyone with malicious intent could have done the same.

“This breach from McGraw Hill was significant in both the amount of data exposed, as well as the number of people and organizations it could affect,” vpnMentor said. “If malicious or criminal actors discovered the exposed data, it could bring harm to students, teachers, universities, and McGraw Hill itself.”

Sensitive files were removed from the public buckets on July 20, and researchers advise students or individuals who are concerned about the breach and how it may directly impact their privacy to reach out to McGraw Hill for more information.

Looking for an easy way to monitor your digital identity and stay on top of data breaches?

Bitdefender offers comprehensive identity protection solutions that immediately alert you when your personal information is at risk and helps you prevent damages and financial losses associated with identity theft.

Check out Bitdefender Digital Identity Protection and Bitdefender Identity Theft Protection (for the US only) today for more peace of mind amid the data breach pandemic.

Stay Safe!




Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.

View all posts

You might also like