Online Learning Platform Exposes Data on One Million Students

Team Metalogic Dexter's Blog

Over one million North American students have had their data exposed after a popular online learning platform left it in a publicly accessible cloud database, according to vpnMentor.

Researchers from the firm claimed that the Elasticsearch database belonging to provider OneClass was left completely unsecured.

The trove contained over 27GB of data, amounting to 8.9 million records, including many students’ full names, email addresses, schools/universities, phone numbers, account details and school enrollment details.

Although OneClass secured the database just a few days after being notified on May 20 this year, it subsequently claimed that the exposed information was merely test data, according to vpnMentor.

“However, during our investigation, we had used publicly available information to verify a small sample of records in the database,” the researchers continued.

“Taking the PII data from numerous records, we found the social profiles of lecturers and other users on various platforms that matched the records in OneClass’s database. Based on this, we doubt the veracity of OneClass’s claim and stand by our assessment.”

It goes without saying that hackers could have conducted highly effective follow-on phishing emails with the exposed data, with a view to obtaining financial details from victims, or even spreading malware.

“Furthermore, OneClass users are very young — including minors — and will generally be unaware of most criminal schemes and frauds online. This makes them particularly vulnerable targets. It’s also likely many of them use their parent’s credit cards to sign up, exposing their whole family to risk,” vpnMentor explained.

“With so many students relying on remote learning due to coronavirus, OneClass could be experiencing a surge in new users. Hackers could quickly create fraudulent emails using the pandemic and related uncertainty as a pretext to contact potential victims, posing as OneClass and asking them to divulge sensitive information.”

That’s not to mention the reputational hit to OneClass itself and a potentially significant regulatory compliance burden. Headquartered in Toronto, the firm provides online education resources to millions of students in North America.

We’re Team Metalogic

We’re Team Metalogic, a managed IT services provider offering outsourced IT services to SME’s across the UK. With a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.

Our stress-free solutions don’t complicate things, in fact, they improve efficiency and save money.

News source: https://www.infosecurity-magazine.com/

Share this Post