Edmodo confirms hackers breached its education platform, stole user data and hashed passwords

Details of 77 million students, teachers and parents are thought to be up for sale on the web.

Edmodo warns that hackers have breached its education platform, stolen millions of user details

Last week there were worrying reports that hackers had broken into Edmodo, and stolen the details of some 77 million teachers, students and parents.

Now the popular online education platform has emailed its users, confirming that it has suffered a security breach:

Edmodo email

Our investigation has now confirmed that user names, email addresses, and hashed passwords were acquired by an unauthorized third party. The passwords were “hashed” (or encrypted) using the strong and robust bcrypt algorithm, and they were also “salted,” which adds an additional layer of security.

We have no indication at this time that any user passwords have been compromised, but we strongly recommend that all users reset their passwords as soon as possible.

Clearly no organisation likes to announce that it has been breached and lost details of its users, but at least Edmodo members’ passwords were salted and hashed with the strong Bcrypt algorithm which is very resilient to cracking.

Although the risk of passwords being cracked is relatively small (unless you had chosen a particularly poor password), Edmodo sensibly recommends that users change their passwords on other sites as well, if they were making the classic mistake of reusing the same password.

Sign up to our free newsletter.
Security news, advice, and tips.

Regardless of whether passwords have fallen into the hands of online criminals or not, it’s still clearly bad news that fraudsters could now potentially exploit the breach by sending phishing emails or other scams to Edmodo users.

At the time of writing I could find no mention of the security breach on Edmodo’s Twitter account or website. That certainly doesn’t qualify as a passing grade in my eyes.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

5 comments on “Edmodo confirms hackers breached its education platform, stole user data and hashed passwords”

  1. Ronald

    everyone change your passwords

  2. John Doe

    This is just sad. I am sad to see that this hacker is stealing identities of many… Please everyone, change your passwords…

  3. Engi

    Something's fishy about this.

  4. Bob

    Changing your password is a good idea but won't help you at all if their systems are breached again.

    They're using bcrypt so the potential of your password being cracked (assuming you're using a strong password) is negligible.

  5. Emily

    Note – I have never been associated with Edmodo, and just received an email in 2022 using almost this exact text (with the May 2017 date added) from "[email protected]", rather than "[email protected]". If you're looking for confirmation that this new email is a scam – it is.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.