Anyone could have obtained the private information of people in North America who use a Canadian agency's service, as a result of an improperly secured database.
The OneClass platform, which offers study guides and class notes, was affected by the data leak. A database comprising 8.9 million records and 27GB of data was put at risk.
“By not securing its own users’ information, OneClass created a goldmine for criminal hackers, endangering over a million young people and their households,” the VPNMentor report stated.
The database, which used Elasticsearch and was hosted on Amazon Web Services, included the personally identifiable data of current students as well as rejected professors and students.
The records involved in the leak comprised full names, class enrollment information, phone numbers, and OneClass account details.
What’s even more alarming is that the leak may have affected minors, with the investigators pointing out that OneClass “includes funds for high school pupils and takes consumers from 13 years old and above.”
The database does not seem to have been obtained by cybercriminals. But the researchers warned that if it had been, anybody with access to this information could have gone on to “pursue a wide selection of illegal actions,” including staging phishing campaigns.
“As OneClass has a paid subscription plan for premium content and tools, hackers may use this to their advantage if coercing someone into providing any financial information,” the VPNMentor report cautioned.
“Additionally, OneClass users are extremely young — including minors — and will typically be unaware of all criminal schemes and frauds online. This makes them vulnerable targets. It’s also probable many of them utilize their parents’ credit cards to sign up, exposing their entire family to danger.”
The researchers have made OneClass aware of the breach.
“In response, OneClass instantly procured the database but maintained that it was a test server, and any information stored within had no relation to actual individuals,” the investigators stated.
“However, during our evaluation, we had used publicly available information to confirm a little sample of documents in the database. Taking the PII data from numerous records, we discovered that the social profiles of lecturers and other users on various platforms matched the documents in OneClass’s database.”
According to VPNMentor, the breach would have been avoidable by OneClass “procuring its servers, implementing proper access rules, rather than leaving a system that does not need authentication available to the net.”
It urged customers worried by the breach to “contact the company directly to ascertain what steps it is taking to guard your data.”