Tech

Here’s the Goatse Image Hackers Sent on the Seesaw Parent-Teacher Messaging App at Schools Around the Country

Parents woke up to compromised accounts on Seesaw posting links to the explicit and infamous image.
seesaw
Image: Seesaw
Screen Shot 2021-02-24 at 3
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

A hacker or group of hackers compromised popular school messaging app Seesaw to post an explicit image to the families of elementary schoolers, NBC News reported on Wednesday.

Motherboard has now obtained a screenshot of one of the images and can confirm it is Goatse. In the example we saw, goatse—the infamous internet shock image of a man wearing a wedding ring spreading his asshole with both of his hands—is sent from an account identified as belonging to the family of a first grader.

Advertisement

“Um ???,” one recipient of the image wrote after the Goatse image was shared in their group chat.

Do you know anything else about this Seesaw hack? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.

The Goatse image was shared in the chat as a shortened bit.ly link that then unfurled to show its contents.

The same source that provided the image to NBC News agreed to share it with Motherboard. Motherboard then made certain redactions to protect the privacy of the chat’s participants. Motherboard has blurred the Goatse image.

goatse-redacted.png

A redacted screenshot of the Goatse image. Image: Motherboard.

“It was brought to our attention that a link to an inappropriate image was being shared via the Messages feature. It appears that specific accounts were compromised by an outside actor,” an announcement on Seesaw’s website reads.

Teachers, parents, and school officials on Twitter reported that porn was being shared on Seesaw groups at their schools. The teachers said they were from Illinois, Colorado, Kansas, Minnesota, New York, South Dakota, Michigan, and other states, suggesting this was not an isolated incident. On a subreddit for school cybersecurity professionals, a poster noted "parents in our District are getting links in Seesaw, sent from their 'kids.' The link is extreme porn of some type." A person in that thread noted that the link being sent around was the same bit.ly link seen by Motherboard. 

Advertisement

On its website Seesaw provided rolling updates on the incident. At 06:13PDT the service wrote it had turned off its messaging tool as it investigated an incident. Around an hour and a half later, Seesaw said “the issue has been identified and a fix is being implemented.”

As of 09:15PDT, users who received the link via an email notification were no longer able to access the link, the website said. An hour later, Seesaw said it had reset passwords for impacted accounts.

Sign up for Motherboard’s daily newsletter for a regular dose of our original reporting, plus behind-the-scenes content about our biggest stories.

At the time of writing, the Goatse image is no longer accessible from the bit.ly link.

“This link has been flagged as redirecting to malicious or spam content,” the bit.ly page now reads.

Seesaw is a popular communications platform for schools, parents, and students. On its website the company claims it is used by over 10 million people every month across more than 75 percent of schools in the U.S.

“With Seesaw, even our youngest learners can bring their ideas and imagination to life so that teachers, parents, and school leaders have a window into their minds—where phenomenal growth is taking place every day!” the app’s page on the Apple App Store reads.

Advertisement

Seesaw told Motherboard in a statement that “Seesaw was not compromised; however, isolated individual user accounts were compromised and used to send an inappropriate message. We have no evidence to suggest this attacker performed any additional actions or accessed other data in Seesaw beyond logging in and sending a message from these compromised accounts.”

“Our team continues to monitor the situation and are now slowly reenabling Messages. Seesaw’s mission is to create an environment where students can be their best and we’re deeply distressed by the impact on our community by these appalling actions,” the statement added.

For a photo that’s so infamous, Goatse has become shockingly difficult to find on the internet; its original domain was for a time taken over by people trying to use it to shill cryptocurrency. That domain has since been replaced with a website that just shows ads. Goatse does not show up on Google, Bing, or DuckDuckGo's image results searches. Torrents for the files on The Pirate Bay have no seeders. It is not on PornHub or Xvideos. Motherboard was, however, able to find it on a Russian domain dedicated to preserving the history of Goatse. Now, seemingly parents around the country have been reintroduced to this famous internet lore.

Updated: This piece has been updated to include a statement from Seesaw.

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.