- Curvy Wife Guy drops music video for rap song ‘Chubby Sexy’ Friday 7:33 PM
- A ‘Black Mirror’ spinoff mini-series is coming to YouTube via Netflix Latin America Friday 5:56 PM
- Kanye West appears on David Letterman’s Netflix show to talk Trump, TMZ, and Drake Friday 3:27 PM
- QAnon believers link small-town arrest to deep state conspiracy without evidence Friday 1:58 PM
- Instagram photos showing prison conditions spark massive protest Friday 1:33 PM
- ‘Gay rat wedding’ headline sparks amazing new meme Friday 1:03 PM
- ‘I read a gossip piece’ meme mocks Moby’s Instagram post Friday 12:39 PM
- Rotten Tomatoes wants to see your ticket stub to leave a verified review Friday 11:46 AM
- ‘Sonic the Hedgehog’ movie delayed to 2020 to fix his look Friday 11:39 AM
- ‘Swamp Thing’ gets off to a promising start, but can it tell a convincing love story? Friday 11:34 AM
- ‘Falling on deaf ears’: ‘Queer Eye’ star sparks conversation about ableist idioms Friday 11:15 AM
- Parents are spending thousands on YouTube camps that teach kids how to be famous Friday 10:43 AM
- In season 2 of ‘She’s Gotta Have It,’ Spike Lee remains unapologetically himself Friday 10:36 AM
- Trump selling Pride shirts is a grotesque insult to the LGBTQ community Friday 10:27 AM
- Logan Paul is being mocked for pulling out of slapping competition Friday 9:57 AM
Photo via LLLEV/Flickr (CC-BY)
Schoolzilla, a student data warehouse platform, reacted quickly to secure the students’ data.
More than a million American students had their information exposed this month in a data breach at a California-based company that offers data services to kindergarten through 12-grade schools.
A student data warehouse platform, Schoolzilla first acknowledged the breach on April 12 in a message on its website, informing customers: “A well-known computer security researcher was doing a targeted analysis of Schoolzilla when he uncovered a file configuration error.”
The researcher, Chris Vickery of the Kromtech Security Research Team, told the Daily Dot this week that he discovered the Schoolzilla breach in early April while scanning the web for an “all too common” misconfiguration in Amazon cloud storage devices (Amazon S3 buckets).
The storage device discovered by Vickery included a database that contains the personal information of approximately 1.3 million students in the United States, including some Social Security numbers. The researcher was unable to provide the Dot with evidence of the breach because he delete the database from his own computer shortly after realizing the leaked data pertained to minors.
“The sheer volume of private student data, including [test] scores and social security numbers for children, convinced me that it should be purged from my storage in an expedited fashion,” Vickery said.
The Daily Dot was unable to immediately confirm which U.S. schools may have been affected. However, Vickery confirmed (and praised) the swift action of Schoolzilla, which he said corrected the issue and secured the students’ information within 24 hours. “As soon as we learned of it, we immediately fixed the error and confirmed no one accessed any information, other than the researcher,” the company said.
Unfortunately, that’s an atypical response. It is a common issue that many companies respond with suspicion when reached by outside security researchers reporting vulnerabilities that expose their customers’ data. In contrast, Schoolzilla responded to his notification appropriately, Vickery said, and took immediate action to secure its data.
“This was the first situation of its kind for them and they reacted professionally,” Vickery said. “It must have been grueling for the CEO to phone each client and relay the unpleasant news, but they did it within only a few days of my report.”
In 2016, Vickery helped secure a leaky database that exposed approximately 191 million records of U.S. voters, including about 19 million disclosing religious affiliations and gun ownership. He later found and helped secure another voter database containing around 154 million records hosted on a Google server. Last April, Vickery helped secure a database located on a U.S.-based server that contained 87 million records of Mexican voters, which prompted a criminal investigation in that country.
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.