Over one million students have their data exposed in a publicly accessible cloud database off OneClass e-learning platform.
Over one million students have their data exposed in a publicly accessible cloud database off OneClass e-learning platform.
In the current situation, people are locked down in their homes and are heavily reliant on digital resources for almost all activities be it learning, work or leisure, have launched a wave of a cyberattack against them.
OneClass is an e-learning platform based in Toronto, Canada, which provides study guides and educational assistance materials to millions of students.
vpnMentor researchers discovered the breach during a routine internet scan. The 27GB database includes 8.9 million records and is estimated to have improperly stocked personal information of more than 1 million students, including those who had their membership contradicted by the platform.
The exposed information contained personally identifiable information (PII) including full names, email addresses (some masked), schools and universities attended, contact numbers, course enrollment data and OneClass account details.
As OneClass enrols users from 13 years old, some of the data belongs to minors, who will generally be unaware of most criminal schemes and frauds online. Due to this reason, they are easily vulnerable targets, and as many of them use their parent's credit card to sign up, endangering their whole family to threat.
As soon as vpnMentor disclosed the findings and nature of breach to the company, they immediately secured the database but claimed that it was a test server, and any data stored within had no relation to real individuals.
“However, during our investigation, we had used publicly available information to verify a small sample of records in the database. Thanking the PII data from numerous records, we found the social profiles of lecturers and other users on various platforms that matched the records in OneClass’s database,” vpnMentor explained.
“With so many students relying on remote learning due to coronavirus, OneClass could be experiencing a surge in new users. Hackers could quickly create fraudulent emails using the pandemic and related uncertainty as a pretext to contact potential victims, posing as OneClass and asking them to divulge sensitive information.”
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: “BlueLeaks” Exposes Data of 200 US police Departments and Exposed Online