Sunday, February 9, 2025
HomeCyber Security NewsFurry Hacker Breaches Scholastic - Exposes Data of 8 Million People

Furry Hacker Breaches Scholastic – Exposes Data of 8 Million People

Published on

SIEM as a Service

Follow Us on Google News

The education and publishing giant Scholastic has fallen victim to a significant data breach affecting approximately 8 million people.

The breach, which has been attributed to a self-proclaimed “furry” hacker going by the alias “Parasocial,” was first reported by the Daily Dot.

Scholastic is a household name and a global leader in educational materials for pre-kindergarten through grade 12 students.

It is also known for publishing iconic children’s book series such as Harry PotterThe Hunger GamesClifford the Big Red Dog, and Goosebumps.

However, this reputation has been marred by the news of the breach, which reportedly exposed a mix of names, email addresses, phone numbers, and home addresses for U.S.-based customers and educators.

Some of the compromised data even included the full names of children registered by their parents.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

How the Breach Unfolded

The hacker allegedly gained access to the data by stealing login credentials from a Scholastic employee who had been infected with malware.

Parasocial claimed that they infiltrated the company’s employee portal and managed to extract a vast dataset before being thwarted by an export limit on Scholastic’s servers.

The breach primarily included 4,247,768 unique email addresses, of which over 1 million belonged to “education contacts.” Teachers and administrators were reportedly among the most affected groups, as the breach included school-related information.

Data Stolen
Data Stolen

Parasocial shared their motivation in a statement to the Daily Dot, remarking that the attack stemmed from boredom rather than financial gain.

The hacker indicated they had no intention of making the data public but issued a stern critique of Scholastic’s lax security practices. “To Scholastic; lol get pwned.

This is a lesson to be learned the hard way. … Use MFA,” Parasocial said, urging the company to implement multi-factor authentication.

Adding an unusual twist, Parasocial requested a shout-out to “the puppygirl hacker polycule,” an apparent nod to the furry community—a subculture known for its interest in anthropomorphic animal characters.

While the furry community is not typically associated with cybercrime, it has, in the past, intersected with tech-savvy groups. One of them is SiegedSec, a hacktivist collective that disbanded after carrying out similar high-profile breaches.

Scholastic’s Response

In response to the breach, Scholastic stated they are taking the matter seriously and have launched a thorough investigation.

“Scholastic takes the security of our customers’ data seriously with extensive systems and protocols, and [we] are investigating this claim thoroughly,” a company representative noted, by DailyDot.

This incident underscores the growing need for robust cybersecurity measures, particularly for organizations managing sensitive data related to children and education.

Find this News Interesting! Follow us on Google NewsLinkedIn, and X to Get Instant Updates!

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...