Expert Commentary: Unsecured OneClass Database Exposes 1M Students

It was announced today that over one million North American students have had their data exposed after a popular online learning platform left it in a publicly accessible cloud database. Researchers claim that the Elasticsearch database belonging to provider OneClass was left completely unsecured. The trove contained over 27GB of data, amounting to 8.9 million records, including many students’ full names, email addresses, schools/universities, phone numbers, account details, and school enrollment details.


EXPERTS COMMENTS
Anurag Kahol, CTO,  Bitglass
June 30, 2020
Personal data is precious, and it is imperative that the proper controls are in place to secure it.
Leaving a database vulnerable can pose major threats to data security, data subject wellbeing, regulatory compliance, and brand reputation, and it does not take much effort for outsiders to find unsecured databases and access sensitive information. Personal data is precious, and it is imperative that the proper controls are in place to secure it. All companies, even those with limited IT resourc ....
[Read More >>]
Rene Paap, Senior Product Marketing Manager,  Pulse Secure
June 30, 2020
The Zero Trust principle dictates that no connectivity is allowed until a user and their device is authenticated.
The discovery of the unsecured OneClass database comes after several major breaches in the edtech industry, most notably Chegg in late April and Mathway in May this year. Malicious actors have greatly escalated attacks against the education sector, turning unsecured databases into serious threats, particularly as the compromised information makes victims easier targets for phishing schemes. Securi ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article