Security

Edmodo Investigates Millions of User Accounts for Sale on Dark Web

• By Sri Ravipati
• 05/12/17

A hacker going by the name "nclay" claims to have stolen more than 77 million user accounts from Edmodo, a K–12 social learning network of 78 million teachers, students, parents and other members, and has put the data for sale on the Dark Web, Motherboard first reported.

Breach notification site LeakBase offered Motherboard a sample of more than 2 million records. The data revealed a mix of “usernames, e-mail addresses and hashed passwords,” which Motherboard verified by using a large, random data sample to try to create new Edmodo user accounts. “With every tested e-mail this was not possible because the address was already linked to an Edmodo account,” the news organization reported.

LeakBase yesterday Tweeted that the top domains for the data breach include:

• @gmail.com, accounting for 19 percent of the accounts at 13,286,240;
• @hotmail.com, making up 10 percent of the accounts at 7,065,761; and
• @yahoo.com, at 8 percent with 6,074,901 accounts.  

In an e-mail to THE Journal, Edmodo VP of Marketing and Communications Mollie Carter said, “Edmodo has learned about a potential security incident. We take this report very seriously and we are investigating. Protecting the privacy of our users is of the utmost importance to Edmodo. We have reported the incident to law enforcement and we have retained leading information security experts to investigate this incident. We have also implemented additional security measures. We have no indication at this time that any user passwords have been compromised.”

Edmodo will provide additional information as it surfaces.