Nearly 1 million records related to students across several e-learning websites have been found exposed online in the latest cases of misconfigured cloud storage.

Discovered by security researchers at Wizcase and revealed July 18, the data was found in exposed Amazon Web Services Inc. S3 storage buckets and on ElasticSearch servers from five companies: Square Panda, Playground Sessions, Okoo, MyTopDog and Escola Digital. Student data found included full names, email addresses, ID numbers, phone numbers, home addresses, dates of birth and specific course and school information.

As with all data leaks of this type involving personally identifiable information, in the wrong hands they expose users to identify theft, phishing scams and more. The researchers noted that the dangers are even bigger with e-learning sites becausse many of the affected users are children and young people.

Wizcase encouraged users who may have had their accounts exposed through one of the companies to check for unusual activity in their accounts and to avoid opening links attached in suspicious emails.

“These types of exposures happen depressingly often,” Chris Clements, vice president of solutions architecture at cybersecurity consulting firm Cerberus Cyber Sentinel Corp., told SiliconANGLE. “In general, we find that organizations underestimate the initial layer of safety that comes from simply hosting their own data,” he said. “Cloud providers are attractive for their scalability and built-in redundancy but it is critical that organizations realize they come with their own unique security challenges and considerations.”

Clements noted that only in 2018 did Amazon change the default S3 storage bucket access defaults from public to private, meaning that unless the user took special action, any data uploaded was accessible by anyone. “It’s also not helpful that many cloud provider’s configuration interfaces are fairly inscrutable to beginners and it is easy to make mistakes unless you are well versed in each provider’s security configuration options,” he said.

Image: Square Panda