Latest in Gear

Image credit: Hero Images via Getty Images

K12.com exposed 7 million student records for a week

Information included name, email, age and what school the student attends.
213 Shares
Share
Tweet
Share
Save

Sponsored Links

Hero Images via Getty Images

K12.com, an online education platform, inadvertently exposed the personal information of nearly seven million students, according to security researchers at Comparitech. The exposed database contained full names, email addresses, birthdates and gender identities, as well as the school that the students attend, authentication keys for accessing their accounts and other internal data. The information was available online for more than one week, and it's unclear if the database was at any point accessed by malicious actors. Engadget reached out to K12.com for additional information regarding the data exposure and will update this story if we hear back.

According to the researchers who discovered the exposure, the issue affected K12.com's A+nyWhere Learning System (A+LS), which is utilized by more than 1,100 school districts in the US. The database was misconfigured, resulting in it being publicly accessible and discoverable on BinaryEdge and Shodan, two search engines that specialize in indexing public-facing databases. The exposure, which was discovered on June 25th, first occurred on June 23rd and wasn't fixed until July 1st.

It's become shockingly common for misconfigured databases to expose huge swaths of personal information collected and held by companies. Just in the last few months, public-facing databases have exposed contact information for Instagram influencers, the medical records of rehab patients, subscribers to AMC Networks premium services. In one instance, a database containing sensitive information on more than 80 million households in the US was discovered. In these cases, it's difficult to determine if anyone malicious accessed the information.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
213 Shares
Share
Tweet
Share
Save

Popular on Engadget

House panel asks Apple, Google if app makers must reveal foreign ties

House panel asks Apple, Google if app makers must reveal foreign ties

View
'Fortnite' adds lightsabers following Star Wars event

'Fortnite' adds lightsabers following Star Wars event

View
A 'Snow Crash' TV series is coming to HBO Max

A 'Snow Crash' TV series is coming to HBO Max

View
New Orleans declares state of emergency following cyberattack

New Orleans declares state of emergency following cyberattack

View
Recommended Reading: The science fiction of William Gibson

Recommended Reading: The science fiction of William Gibson

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr