Cyber Security News

Furry Hacker Breaches Scholastic – Exposes Data of 8 Million People

The education and publishing giant Scholastic has fallen victim to a significant data breach affecting approximately 8 million people.

The breach, which has been attributed to a self-proclaimed “furry” hacker going by the alias “Parasocial,” was first reported by the Daily Dot.

Scholastic is a household name and a global leader in educational materials for pre-kindergarten through grade 12 students.

It is also known for publishing iconic children’s book series such as Harry PotterThe Hunger GamesClifford the Big Red Dog, and Goosebumps.

However, this reputation has been marred by the news of the breach, which reportedly exposed a mix of names, email addresses, phone numbers, and home addresses for U.S.-based customers and educators.

Some of the compromised data even included the full names of children registered by their parents.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

How the Breach Unfolded

The hacker allegedly gained access to the data by stealing login credentials from a Scholastic employee who had been infected with malware.

Parasocial claimed that they infiltrated the company’s employee portal and managed to extract a vast dataset before being thwarted by an export limit on Scholastic’s servers.

The breach primarily included 4,247,768 unique email addresses, of which over 1 million belonged to “education contacts.” Teachers and administrators were reportedly among the most affected groups, as the breach included school-related information.

Data Stolen

Parasocial shared their motivation in a statement to the Daily Dot, remarking that the attack stemmed from boredom rather than financial gain.

The hacker indicated they had no intention of making the data public but issued a stern critique of Scholastic’s lax security practices. “To Scholastic; lol get pwned.

This is a lesson to be learned the hard way. … Use MFA,” Parasocial said, urging the company to implement multi-factor authentication.

Adding an unusual twist, Parasocial requested a shout-out to “the puppygirl hacker polycule,” an apparent nod to the furry community—a subculture known for its interest in anthropomorphic animal characters.

While the furry community is not typically associated with cybercrime, it has, in the past, intersected with tech-savvy groups. One of them is SiegedSec, a hacktivist collective that disbanded after carrying out similar high-profile breaches.

Scholastic’s Response

In response to the breach, Scholastic stated they are taking the matter seriously and have launched a thorough investigation.

“Scholastic takes the security of our customers’ data seriously with extensive systems and protocols, and [we] are investigating this claim thoroughly,” a company representative noted, by DailyDot.

This incident underscores the growing need for robust cybersecurity measures, particularly for organizations managing sensitive data related to children and education.

Find this News Interesting! Follow us on Google NewsLinkedIn, and X to Get Instant Updates!

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Top 20 Best Open-Source SOC Tools in 2025

As cyber threats continue to evolve, Security Operations Centers (SOCs) require robust tools to detect,…

1 hour ago

Hackers Exploit Fast Flux to Evade Detection and Obscure Malicious Servers

Cybersecurity agencies worldwide have issued a joint advisory warning against the growing threat posed by…

3 hours ago

Oracle Confirms The Data Breach- Starts Initiating Client Notifications

Oracle Corporation has confirmed a data breach involving its older Gen 1 servers, marking its…

3 hours ago

Vite Development Server Flaw Allows Attackers Bypass Path Restrictions

A critical security vulnerability, CVE-2025-31125, has been identified in the Vite development server. Due to improper…

4 hours ago

New Android Spyware Tricks Users by Demanding Passwords for Uninstallation

A newly identified Android spyware app is elevating its tactics to remain hidden and unremovable…

5 hours ago

Malicious PDFs Responsible for 22% of All Email-Based Cyber Threats

Malicious PDF files have emerged as a dominant threat vector in email-based cyberattacks, accounting for…

5 hours ago