One Million Student Records Compromised by E-Learning Sites

About one million online student records that contain personal information of students have been leaked due to the cloud misconfigurations in a total of five e-learning platforms. The exposed personal information of students included their full names, email and home addresses, DoB, ID numbers, and school information.

The VPN comparison demonstrated about four misconfigurations as well as unencrypted AWS S3 buckets along with an unsecured Elasticsearch server. These loopholes in the digital systems became the reason for a data breach which compromised details of a big number of e-learners which does not only include students but information of teachers and parents as well. 

All this data breach information was found by WizCase and it warned the online users against potential cyberattacks such as identity fraud, phishing attacks, blackmail, and stalking, etc.

“As many users whose data was leaked aren’t active on the sites anymore, they’re less likely to realize these companies still have their information,” it added.

“However, it’s still possible that their data can be used to aid in various types of online crimes. These dangers are even bigger since many of the users affected by the leaks are children and young people.”

In this data breach, the affected companies include Soutfrican sinamed MyTopDog that exposed more than 800,000 records due to misconfigured S3 bucket and this breach includes the data related to Vodacom School that is its business partner. Another company is Escola Digital which exposed 15MB of data which is estimated to be around 75,000 records. Kazakhstan-based Okoo, also leaked 7200 records through an Elasticsearch server. 

WizCase requests users whose data got compromised to keep a regular check over their data and be extra cautious while doing online activities.