Online Learning Platform Exposes Data on One Million Students
Over one million North American students have had their data exposed after a popular online learning platform left it in a publicly accessible cloud database, according to vpnMentor.
Researchers from the firm claimed that the Elasticsearch database belonging to provider OneClass was left completely unsecured.
The trove contained over 27GB of data, amounting to 8.9 million records, including many students’ full names, email addresses, schools/universities, phone numbers, account details and school enrollment details.
Although OneClass secured the database just a few days after being notified on May 20 this year, it subsequently claimed that the exposed information was merely test data, according to vpnMentor.
“However, during our investigation, we had used publicly available information to verify a small sample of records in the database,” the researchers continued.
“Taking the PII data from numerous records, we found the social profiles of lecturers and other users on various platforms that matched the records in OneClass’s database. Based on this, we doubt the veracity of OneClass’s claim and stand by our assessment.”
It goes without saying that hackers could have conducted highly effective follow-on phishing emails with the exposed data, with a view to obtaining financial details from victims, or even spreading malware.
“Furthermore, OneClass users are very young — including minors — and will generally be unaware of most criminal schemes and frauds online. This makes them particularly vulnerable targets. It’s also likely many of them use their parent’s credit cards to sign up, exposing their whole family to risk,” vpnMentor explained.
“With so many students relying on remote learning due to coronavirus, OneClass could be experiencing a surge in new users. Hackers could quickly create fraudulent emails using the pandemic and related uncertainty as a pretext to contact potential victims, posing as OneClass and asking them to divulge sensitive information.”
That’s not to mention the reputational hit to OneClass itself and a potentially significant regulatory compliance burden. Headquartered in Toronto, the firm provides online education resources to millions of students in North America.
We’re Cloud Nexus
We’re Cloud Nexus and we believe that technology should make life easier, not harder.
We help people move to the cloud, secure their data and work with customers in awesome new ways. We’ll get to know your business and create the most appropriate solution to meet your technical requirements while being commercially sensible in cost. Please contact the team today on +44 (113) 539 0192 or hello@cloudnexus.co.uk.
News Source:https://www.infosecurity-magazine.com/
