Popular school messaging app hacked to send explicit picture to parents

Popular school messaging app hacked to send explicit picture to parents

A messaging app for parents and teachers said Wednesday it had been hacked after some parents said they had received messages with an explicit image that is notorious on the Internet.

School districts in Illinois, New York, Oklahoma and Texas all said Wednesday that the photo was sent through the Seesaw app to parents and teachers in private chats.

Seesaw, which according to its website is used by 10 million teachers, students and family members, declined to say how many users were affected.

In an emailed statement, its vice president of marketing, Sunniya Saleem, said that “specific user accounts were compromised by an external actor” and that “we take this extremely seriously.”

“Our team continues to monitor the situation to ensure we prevent further dissemination of these images from being sent or viewed by any Seesaw users,” she said.

In a follow-up email, the company said the hacker or hackers did not gain administrative access to Seesaw, but instead breached individual user accounts in a so-called credential stuffing attack. In such an attack, hackers look through previous data breaches to identify username and password combinations. Cybersecurity experts recommend not reusing the same password on multiple sites, especially to avoid credential attacks.

The image was sent to some parents and teachers linking to bitly, a popular link shortening service that hides actual URLs. For some users, the app automatically displayed the image in the chat.

Chris Krampert, whose children attend the elementary school in Florida, provided NBC News with a screenshot showing his wife’s account sending the photo, which automatically appears in the chat, to horrified parents. The image was a notorious meme image of a man engaged in an explicit act.

See also  Web hosting provider fined $300,000 in data security case

Some school districts issued notices warning parents not to open links sent through Seesaw. Visitors to the website of Keeneyville Elementary School District 20 in Hanover Park, Illinois, were greeted with a pop-up warning on Wednesday.

“Please do not open any ‘bitly’ links sent to you this morning in a Seesaw message, it says. “It may look like a message was sent to you from another school family, but please delete the message immediately, without opening because inappropriate content was sent.”

Castleton Elementary School, in Castleton-on-Hudson, New York, announced on its website that it had also seen evidence of the security breach. “In the meantime, if you need to speak to the student’s teacher, please email them,” it said.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *