Edmodo confirms hackers breached its education platform, stole user data and hashed passwords

Details of 77 million students, teachers and parents are thought to be up for sale on the web.

Edmodo warns that hackers have breached its education platform, stolen millions of user details

Last week there were worrying reports that hackers had broken into Edmodo, and stolen the details of some 77 million teachers, students and parents.

Now the popular online education platform has emailed its users, confirming that it has suffered a security breach:

Edmodo email

Our investigation has now confirmed that user names, email addresses, and hashed passwords were acquired by an unauthorized third party. The passwords were "hashed" (or encrypted) using the strong and robust bcrypt algorithm, and they were also “salted,” which adds an additional layer of security.

We have no indication at this time that any user passwords have been compromised, but we strongly recommend that all users reset their passwords as soon as possible.

Clearly no organisation likes to announce that it has been breached and lost details of its users, but at least Edmodo members' passwords were salted and hashed with the strong Bcrypt algorithm which is very resilient to cracking.

Although the risk of passwords being cracked is relatively small (unless you had chosen a particularly poor password), Edmodo sensibly recommends that users change their passwords on other sites as well, if they were making the classic mistake of reusing the same password.

Regardless of whether passwords have fallen into the hands of online criminals or not, it's still clearly bad news that fraudsters could now potentially exploit the breach by sending phishing emails or other scams to Edmodo users.

At the time of writing I could find no mention of the security breach on Edmodo's Twitter account or website. That certainly doesn't qualify as a passing grade in my eyes.

Tags: ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

Subscribe to the free GCHQ newsletter

,