Edmodo confirms hackers breached its education platform, stole user data and hashed passwords

Details of 77 million students, teachers and parents are thought to be up for sale on the web.

Edmodo warns that hackers have breached its education platform, stolen millions of user details

Last week there were worrying reports that hackers had broken into Edmodo, and stolen the details of some 77 million teachers, students and parents.

Now the popular online education platform has emailed its users, confirming that it has suffered a security breach:

Edmodo email

Our investigation has now confirmed that user names, email addresses, and hashed passwords were acquired by an unauthorized third party. The passwords were “hashed” (or encrypted) using the strong and robust bcrypt algorithm, and they were also “salted,” which adds an additional layer of security.

We have no indication at this time that any user passwords have been compromised, but we strongly recommend that all users reset their passwords as soon as possible.

Clearly no organisation likes to announce that it has been breached and lost details of its users, but at least Edmodo members’ passwords were salted and hashed with the strong Bcrypt algorithm which is very resilient to cracking.

Although the risk of passwords being cracked is relatively small (unless you had chosen a particularly poor password), Edmodo sensibly recommends that users change their passwords on other sites as well, if they were making the classic mistake of reusing the same password.

Regardless of whether passwords have fallen into the hands of online criminals or not, it’s still clearly bad news that fraudsters could now potentially exploit the breach by sending phishing emails or other scams to Edmodo users.

At the time of writing I could find no mention of the security breach on Edmodo’s Twitter account or website. That certainly doesn’t qualify as a passing grade in my eyes.

Tags: ,

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts


4 Responses

  1. Ronald

    May 17, 2017 at 2:58 pm #

    everyone change your passwords

  2. John Doe

    May 17, 2017 at 8:30 pm #

    This is just sad. I am sad to see that this hacker is stealing identities of many… Please everyone, change your passwords…

  3. Engi

    May 18, 2017 at 1:29 am #

    Something’s fishy about this.

  4. Bob

    May 18, 2017 at 12:01 pm #

    Changing your password is a good idea but won’t help you at all if their systems are breached again.

    They’re using bcrypt so the potential of your password being cracked (assuming you’re using a strong password) is negligible.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.