Threat Watch

E-Learning Sites with Unsecured Cloud Servers Lead to Students Records Being Exposed

Five different e-learning platforms are the latest to feel the effects of cloud misconfigurations. These consisted of four unencrypted and misconfigured AWS S3 buckets and one unsecured Elasticsearch server. The five affected sites and a rough amount of the records exposed include

  • Escola Digital- 75,000
  • MyTopDog- 800,000
  • Okoo- 7,200
  • Square Panda- 15,000
  • Playground Sessions- 4,100

This amount combines to make the total more than roughly 900,000 records. WizCase, who is responsible for discovering the records, stated, “As many users whose data was leaked aren’t active on the sites anymore, they’re less likely to realize these companies still have their information. However, it’s still possible that their data can be used to aid in various types of online crimes. These dangers are even bigger since many of the users affected by the leaks are children and young people.”

ANALYST NOTES

Users who may have been affected by this situation should verify the legitimacy of suspicious emails. Scams may also be carried out over the phone, so when answering a call from an unknown number, it is best not to discuss any PII. Some users may not suspicious activity on their accounts; this should be reported to the respective outlets as soon as possible.

Source: https://www.infosecurity-magazine.com/news/one-million-online-student-records/?&web_view=true