Schoolzilla Security Issue Exposes Data for 1.3 Million Students and Staff

Students, parents, teachers, administrators and others using the Schoolzilla data platform were recently informed of a security issue that made information for more than 1.3 million users vulnerable to hackers.

The issue was uncovered by Chris Vickery, a white-hat computer security researcher best known for discovering an exposed database containing more than 191 million American voter registration records. Vickery currently runs the Security Watch blog for MacKeeper, an anti-virus software firm, and leads MacKeeper’s Analytical and Security Center.

In a recent Security Watch blog post, Vickery said that he discovered a file configuration error in an analysis of Schoolzilla, which “made the all too common mistake of configuring their cloud storage (an Amazon S3 bucket) for public access. I discovered the bucket after noticing a few other unsecured buckets related to the Tableau data visualization platform.” He found an exposed bucket called “sz.tableau” and began looking for other “sz” iterations, only to find a repository for Schoolzilla’s database backups.

“I downloaded several of the production backups, the largest was titled ‘Web_Data_FULL’ and weighed in at 12 gigs,” he wrote. “After loading them into a local MSSQL instance I did some review and concluded that this was most likely real student data and did indeed come from Schoolzilla.”

Vickery wrote that the company was quick to respond to his data breach notification ticket — and without shooting the messenger or accusing Vickery of being hacker. Within a few days, the CEO personally contacted each client to relay the news.

In a Schoolzilla blog post, CEO and founder Lynzi Ziegenhagen said, “As soon as we learned of it, we immediately fixed the error and confirmed no one accessed any information, other than the researcher. We are grateful that the researcher informed us quickly, so we were able to fix it quickly. Once resolved, we spent the next two days calling each of our customers personally and explaining the technical safeguards that will prevent this from happening again.”

In response to the security breach, Schoolzilla has launched a forum “for lessons learned, best practices and advice from experts” on information security and how “to serve students better with data.”

View the message from the CEO on the Schoolzilla site.

About the Author

Sri Ravipati is Web producer for THE Journal and Campus Technology. She can be reached at [email protected].

Featured

  • young educators collaborate with AI tools on laptops and tablets

    Survey: Younger Educators More Likely to Embrace AI Tools

    While educators across the United States agree that AI has enhanced classroom engagement, enthusiasm for AI's benefits is strongest among young teachers, according to a recent survey from learning technology company D2L.

  • red brick school building with a large yellow "AI" sign above its main entrance

    New National Academy for AI Instruction to Provide Free AI Training for Educators

    In an effort to "transform how artificial intelligence is taught and integrated into classrooms across the United States," the American Federation of Teachers (AFT), in partnership with Microsoft, OpenAI, Anthropic, and the United Federation of Teachers, is launching the National Academy for AI Instruction, a $23 million initiative that will provide access to free AI training and curriculum for all AFT members, beginning with K-12 educators.

  • student holding a smartphone with thumbs-up and thumbs-down icons, surrounded by abstract digital media symbols and interface elements

    Teaching Media Literacy? Start by Teaching Decision-Making

    Decision-making is a skill that must be developed — not assumed. Students need opportunities to learn the tools and practices of effective decision-making so they can apply what they know in meaningful, real-world contexts.

  • students using digital devices, surrounded by abstract AI motifs and soft geometric design

    Ed Tech Startup Kira Launches AI-Native Learning Platform

    A new K-12 learning platform aims to bring personalized education to every student. Kira, one of the latest ed tech ventures from Andrew Ng, former director of Stanford's AI Lab and co-founder of Coursera and DeepLearning.AI, "integrates artificial intelligence directly into every educational workflow — from lesson planning and instruction to grading, intervention, and reporting," according to a news announcement.