According to vpnMentor, the data of about one million students on the e-Learning platform, OneClass has been leaked.
Η platform Online teaching, based in Toronto, provides study guides and other educational materials to more than 600.000 students in North America.
In May, vpnMentor discovered a database Elasticsearch hosted on Amazon Web Services (AWS), which was completely exposed and everyone with access to Internet he could see her.
The database was found to contain a total of 8.972.251 files representing information for more than 1 million people. The data include identifiers and educational files.
However, apart from information about the members of the platform, h database It also included information from people who had applied but could not become members of the platform.
Security investigators discovered the exposed database on May 20 and contacted the seller on May 25, and the next day he was insured.
According to OneClass, this was a test and the data contained in the database "were not related to real people".
"However, in our research, we used information available to the public to verify a small sample of files in the database. Taking PII data from many records, we found them SOCIAL MEDIA of teachers and other users on various platforms that match the files in the OneClass database, "she said. vpnMentor.
Data in the database included PII such as full names and phone numbers, email addresses, information about schools and universities, school / university enrollment details, and other information related to the OneClass account.
In some cases, additional information has been stored about students and subjects, such as school details and access to protected textbooks and exercises. Most of the data in OneClass is free, but there is only content for it users who pay.
As vpnMentor explained, the exposed information could be very useful in malicious agents, if we assume that the database was discovered by hackers as long as it was exposed.