Hacker Steals Millions of User Account Details from Education Platform Edmodo
Image: Syda Productions/Shutterstock

Hacker Steals Millions of User Account Details from Education Platform Edmodo

The data includes usernames, email addresses, and hashed passwords.
May 11, 2017, 3:08pm

A hacker has stolen millions of user account details from popular education platform Edmodo, and the data is apparently for sale on the so-called dark web.

Teachers, students and parents use Edmodo to work on lesson plans, assign homework, and more. The organization claims to have over 78 million members.

"Thanks to those who guided and supported us in the beginning, we're now the number one K-12 social learning network in the world, dedicated to connecting all learners with the people and resources they need to reach their full potential," Edmodo's website reads.

For-profit breach notification site LeakBase provided Motherboard with a sample of over two million user records for verification purposes. The data includes usernames, email addresses, and hashed passwords.

The passwords have apparently been hashed with the robust bcrypt algorithm, and a string of random characters known as a salt, meaning hackers will have a much harder time obtaining user's actual login credentials. Not all of the records include a user email address.

Motherboard verified the data by attempting to create new Edmodo accounts with a large, random selection of emails included in the data. With every tested email this was not possible, because the address was already linked to an Edmodo account.

One Edmodo user reached by Motherboard also confirmed they used the service, and said she signed up five to six years ago.

The dark web listing of the stolen Edmodo data. Image: Screenshot

A vendor going under the name of nclay is currently listing the Edmodo data on the dark web marketplace Hansa for just over $1,000. In all, nclay claims to have 77 million accounts, and according to LeakBase, around 40 million include an email address. (Motherboard has not seen the full alleged database).

The accounts were stolen last month according to nclay's dark web listing. The vendor did not respond to a request for clarification.

"Edmodo has learned about a potential security incident," the company's VP of Marketing and Communications Mollie Carter told Motherboard in an email. "Protecting the privacy of our users is of the utmost importance to Edmodo. We take this report very seriously and we are investigating."

Update: This story was updated after initial publication with additional comment from Edmodo.