Last week there were worrying reports that hackers had broken into Edmodo, and stolen the details of some 77 million teachers, students and parents.
Now the popular online education platform has emailed its users, confirming that it has suffered a security breach:
Our investigation has now confirmed that user names, email addresses, and hashed passwords were acquired by an unauthorized third party. The passwords were “hashed” (or encrypted) using the strong and robust bcrypt algorithm, and they were also “salted,” which adds an additional layer of security.
We have no indication at this time that any user passwords have been compromised, but we strongly recommend that all users reset their passwords as soon as possible.
Clearly no organisation likes to announce that it has been breached and lost details of its users, but at least Edmodo members’ passwords were salted and hashed with the strong Bcrypt algorithm which is very resilient to cracking.
Although the risk of passwords being cracked is relatively small (unless you had chosen a particularly poor password), Edmodo sensibly recommends that users change their passwords on other sites as well, if they were making the classic mistake of reusing the same password.
Regardless of whether passwords have fallen into the hands of online criminals or not, it’s still clearly bad news that fraudsters could now potentially exploit the breach by sending phishing emails or other scams to Edmodo users.
At the time of writing I could find no mention of the security breach on Edmodo’s Twitter account or website. That certainly doesn’t qualify as a passing grade in my eyes.