Last week there were worrying reports that hackers had broken into Edmodo and stolen the details of some 77 million teachers, students and parents.
Now the popular online education platform has emailed its users, confirming that it has suffered a security breach:
Our investigation has now confirmed that user names, email addresses, and hashed passwords were acquired by an unauthorized third party. The passwords were “hashed” (or encrypted) using the strong and robust bcrypt algorithm, and they were also “salted,” which adds an additional layer of security.
We have no indication at this time that any user passwords have been compromised, but we strongly recommend that all users reset their passwords as soon as possible.
Clearly no organisation likes to announce that it has been breached and lost details of its users, but at least Edmodo members’ passwords were salted and hashed with the strong bcrypt algorithm, which is very resilient to cracking.
Although the risk of passwords being cracked is relatively small (unless you had chosen a particularly poor password), Edmodo sensibly recommends that users change their passwords on other sites as well, if they were making the classic mistake of reusing the same password.
Regardless of whether passwords have fallen into the hands of online criminals or not, it’s still clearly bad news that fraudsters could now potentially exploit the breach by sending phishing emails or other scams to Edmodo users.
At the time of writing I could find no mention of the security breach on Edmodo’s Twitter account or website. That certainly doesn’t qualify as a passing grade in my eyes.
5 comments on “Edmodo confirms hackers breached its education platform, stole user data and hashed passwords”
everyone change your passwords
This is just sad. I am sad to see that this hacker is stealing identities of many… Please everyone, change your passwords…
Something's fishy about this.
Changing your password is a good idea but won't help you at all if their systems are breached again.
They're using bcrypt so the potential of your password being cracked (assuming you're using a strong password) is negligible.
Note – I have never been associated with Edmodo, and just received an email in 2022 using almost this exact text (with the May 2017 date added) from "[email protected]", rather than "[email protected]". If you're looking for confirmation that this new email is a scam – it is.