More than 1 million e-learning users data exposed from a misconfigured and unencrypted Amazon S3 buckets and other types of servers. The exposed data can be accessed by anyone online without any form of authentication.
e-learning Students Data Leak
The breach was found by researchers at Wizcase, the breach affects 5 different eLearning Companies around the globe. The data found to be stored 4 Amazon S3 buckets and an ElasticSearch server, due to misconfigurations the data are available publically.
Following are the data exposed;
- Full names
- Email addresses
- ID numbers
- Phone numbers
- Home addresses
- Date of birth
- Specific course and school information
What are the Companies Affected
Escola Digital – Brazilian eLearning website exposes several CSV files with user’s personally identifiable information. The data found to be collected between 2016 and 2017.
MyTopDog – Platform specifically for school children based in SoutAfrica, exposes over 800,000 students data and other business information.
Okoo – Online Learning Platform for Children, the platform exposes almost 1 million entries of users’ activity.
Square Panda – Virtual platform launched to help children learn how to read and write through various online games. The platform exposes over 15,000 user records.
Playground Sessions – It offers virtual piano lessons, around 4,100 users records exposed from the open Amazon bucket.
Seems many of the users affected in the breach are children and young people, attackers may launch Phishing and scam attack using the personal information.