SECURITY
SECURITY
SECURITY
1M e-learning student records found exposed on misconfigured cloud storage
Nearly 1 million records related to students across several e-learning websites have been found exposed online in the latest cases of misconfigured cloud storage.
Discovered by security researchers at Wizcase and revealed July 18, the data was found in exposed Amazon Web Services Inc. S3 storage buckets and on ElasticSearch servers from five companies: Square Panda, Playground Sessions, Okoo, MyTopDog and Escola Digital. Student data found included full names, email addresses, ID numbers, phone numbers, home addresses, dates of birth and specific course and school information.
As with all data leaks of this type involving personally identifiable information, in the wrong hands they expose users to identify theft, phishing scams and more. The researchers noted that the dangers are even bigger with e-learning sites becausse many of the affected users are children and young people.
Wizcase encouraged users who may have had their accounts exposed through one of the companies to check for unusual activity in their accounts and to avoid opening links attached in suspicious emails.
“These types of exposures happen depressingly often,” Chris Clements, vice president of solutions architecture at cybersecurity consulting firm Cerberus Cyber Sentinel Corp., told SiliconANGLE. “In general, we find that organizations underestimate the initial layer of safety that comes from simply hosting their own data,” he said. “Cloud providers are attractive for their scalability and built-in redundancy but it is critical that organizations realize they come with their own unique security challenges and considerations.”
Clements noted that only in 2018 did Amazon change the default S3 storage bucket access defaults from public to private, meaning that unless the user took special action, any data uploaded was accessible by anyone. “It’s also not helpful that many cloud provider’s configuration interfaces are fairly inscrutable to beginners and it is easy to make mistakes unless you are well versed in each provider’s security configuration options,” he said.
Image: Square Panda
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
