HQ/EMEAFind out how we can help your business
A disturbing data breach on Appscook involving the leakage of sensitive information related to minors has impacted more than 600 schools in India and Sri Lanka.
Based on reports, this alarming incident in Appscook, an IT company responsible for developing applications for education management in the countries mentioned earlier, has endangered millions of children due to a misconfiguration of its system.
The confirmed exposed files in this incident include home addresses, birth certificates, and even photos of minors attending pre-primary, primary, and secondary schools. These details are accessible to anyone on the internet due to the negligence of the company’s security measures.
The data breach became apparent when a research team discovered that a DigitalOcean storage bucket storing the sensitive files is publicly accessible, requiring no authentication for access. This incompetence poses a significant threat since the nature of the leaked information mainly affects minors.
Furthermore, the severity of the situation becomes more critical as Appscook has 96 school-specific apps, which are widely adopted and designed to facilitate online classes and communication between parents and schools. According to the company’s website, over half a million students and more than a million parents rely on this platform.
Appscook has yet to respond to or address the situation.
The potential consequences of this data exposure on Appscook are immense. The exposed details, including home addresses and private photos, could enable a malicious actor with the means to extort parents, impersonate school officials, or manipulate children and parents for malicious purposes.
In addition, a hacker could leverage the leaked information for identity theft, fraud, and targeted phishing campaigns against the parents of the affected children. While children may not be as susceptible to digital fraud as adults, the effects of this breach cover beyond financial concerns.
This new breach is another incident that highlights the need for robust cybersecurity measures, especially in applications and platforms that provide services to the sensitive educational sector. The fallout from this incident shows that companies should prioritise the protection of user data to prevent the exploitation of minors and mitigate the potential harm caused by such incompetence in cybersecurity.
