Cyber Incident Victim: Edmodo
Date: Apr 2017
Location: United States of America
Summary
A hacker stole millions of user account details from an education platform, compromising usernames, email addresses, and salted, bcrypt-hashed passwords, which makes recovering the plaintext passwords harder. The data, allegedly encompassing 77 million accounts with approximately half containing emails, was offered for sale on a dark web marketplace for over $1,000. The breach was validated by attempting to create new accounts with email addresses from the data and finding them already registered. The organization acknowledged the incident and initiated an investigation, emphasizing user privacy protection.
Description
In April 2017, a hacker compromised the education platform Edmodo, stealing millions of user account records. The breach was discovered when the stolen data appeared for sale on the dark web marketplace Hansa in May 2017, advertised by a vendor using the alias "nclay." The attacker claimed possession of 77 million user accounts, with approximately 40 million containing email addresses, though the full database was not independently verified. The compromised data included usernames, email addresses, and passwords hashed with the bcrypt algorithm and salted, making credential cracking more difficult. LeakBase, a breach notification service, provided Motherboard with a sample of over two million records for validation. Motherboard confirmed the data's authenticity by attempting to create new Edmodo accounts using emails from the sample, all of which were already registered. One verified user confirmed her account creation date aligned with the data's timeframe.

Edmodo, a platform serving over 78 million teachers, students, and parents for educational collaboration, acknowledged the incident after Motherboard's inquiry, stating an investigation was underway. The company emphasized user privacy as a top priority but did not disclose technical details of the breach or its detection methods. The vendor nclay listed the data for approximately $1,000 and dated the theft to April 2017, though no attack vector or intrusion method was revealed. The use of bcrypt hashing reduced the risk of immediate credential misuse, but exposed users remained vulnerable to phishing or targeted attacks because their email addresses had leaked. No evidence of data misuse was documented at the time of reporting, and Edmodo did not confirm whether affected users were notified.
