Cybertraps for Educators Digest

Frederick Lane -

By Frederick Lane ~ 6 January 2023

This C4E Digest is 1,347 words, or approximately a 6-minute read.

💾 Above the Fold: Another Massive Student Data Breach

Clouds and a Starry Sky [Frederick Lane, 2022]

Cloud storage is wonderful ... except when it isn't. A research team at vpnMentor, an online privacy firm, recently discovered that education publisher McGraw Hill exposed the personal data of more than 100,000 students.

  • McGraw Hill stored the data in Amazon Web Services S3 buckets, a widely-popular type of cloud storage.
  • Unfortunately, McGraw Hill misconfigured the settings of its data buckets, allowing anyone with a web browser access to more then 22 terabytes of student data and teaching materials.
  • The misconfiguration may have allowed access as early as 2015.

Slow response: In its report, vpnMentor said that it contacted McGraw Hill multiple times about the security breach before the company responded.

Implications: A possible seven-year leak of confidential student and teacher information raises a number of security concerns.