Sunday, February 23, 2025
HomeData Breach1M e-learning Student Records Exposed Online From Misconfigured Cloud Storage

1M e-learning Student Records Exposed Online From Misconfigured Cloud Storage

Published on

SIEM as a Service

Follow Us on Google News

More than 1 million e-learning users data exposed from a misconfigured and unencrypted Amazon S3 buckets and other types of servers. The exposed data can be accessed by anyone online without any form of authentication.

e-learning Students Data Leak

The breach was found by researchers at Wizcase, the breach affects 5 different eLearning Companies around the globe. The data found to be stored 4 Amazon S3 buckets and an ElasticSearch server, due to misconfigurations the data are available publically.

Following are the data exposed;

  • Full names
  • Email addresses
  • ID numbers
  • Phone numbers
  • Home addresses
  • Date of birth
  • Specific course and school information

What are the Companies Affected

Escola Digital – Brazilian eLearning website exposes several CSV files with user’s personally identifiable information. The data found to be collected between 2016 and 2017.

MyTopDog – Platform specifically for school children based in SoutAfrica, exposes over 800,000 students data and other business information.

Okoo – Online Learning Platform for Children, the platform exposes almost 1 million entries of users’ activity.

Square Panda – Virtual platform launched to help children learn how to read and write through various online games. The platform exposes over 15,000 user records.

Playground Sessions – It offers virtual piano lessons, around 4,100 users records exposed from the open Amazon bucket.

Seems many of the users affected in the breach are children and young people, attackers may launch Phishing and scam attack using the personal information.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

Cognizant Confirms Data Breach After Ransomware Attack

ZEE5 Hacked – Hackers Stolen Over 150GB of Live Data from Video on Demand Platform

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

New Zhong Stealer Malware Exploit Zendesk to Attack Fintech and Cryptocurrency

A newly identified malware, dubbed Zhong Stealer, has emerged as a significant threat to...

SPAWNCHIMERA Malware Exploits Ivanti Buffer Overflow Vulnerability by Applying a Critical Fix

In a recent development, the SPAWNCHIMERA malware family has been identified exploiting the buffer...

Sitevision Auto-Generated Password Vulnerability Lets Hackers Steal Signing Key

A significant vulnerability in Sitevision CMS, versions 10.3.1 and earlier, has been identified, allowing...

NSA Allegedly Hacked Northwestern Polytechnical University, China Claims

Chinese cybersecurity entities have accused the U.S. National Security Agency (NSA) of orchestrating a...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Raymond IT Systems Hit by Cyber Attack, Authorities Investigating

Textile and apparel conglomerate Raymond Limited confirmed a cybersecurity breach affecting portions of its...

Zacks Investment Data Breach Exposes 12 Million Emails and Phone Numbers

A cybersecurity incident at Zacks Investment Research has exposed sensitive data belonging to 12...

Indian Post Office Portal Leak Exposes Thousands of KYC Records

The Indian Post Office portal recently exposed the sensitive Know Your Customer (KYC) data...