CYBER 101

  • Alerts
  • Blog
  • Cyber Briefing
  • CyberDecoded
  • CyberReview
  • CyberStory
  • CyberTips
  • Domains
  • FAQ
  • Incidents
  • Tutorials

Subscribe to our newsletter

FOLLOW US

No Result
View All Result
  • Login
  • Register
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
  • Jobs
  • Vendors
Get Help
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
No Result
View All Result
  • Jobs
  • Vendors
Get Help
CyberMaterial
Home Incidents

McGraw Hill’s S3 buckets exposed 100,000 students’ grades and personal info

December 20, 2022
Reading Time: 2 mins read
in Incidents

 

Misconfigured Amazon Web Services S3 buckets belonging to McGraw Hill exposed more than 100,000 students’ information as well as the education publishing giant’s own source code and digital keys, according to security researchers.

The research team at vpnMentor said they discovered the open S3 buckets on June 12, and contacted McGraw Hill a day later. One production bucket contained more than 47 million files and 12TB of data, and a second non-production bucket held more than 69 million files and 10TB of data, we’re told.

“In the limited sample we researched, we could see that the amount of records varied on each file from ten to tens of thousands students per file,” the researchers said. “Due to the amount of files exposed and because we only review a small sample following ethical rules, the actual total number of affected students could be far higher than our estimate.”

Overall, the buckets contained more than 22 TB of data and over 117 million files. It included students’ names, email addresses, performance reports and grades as well as teachers’ syllabi and course reading materials for US and Canadian students and schools such as Johns Hopkins University, University of California-Los Angeles, University of Toronto and University of Michigan.

Additionally, the data dump leaked private digital keys, which could have allowed miscreants to decrypt the publisher’s sensitive data and access its servers, plus McGraw Hill’s source code.

 

READ FULL ARTICLE

Tags: AmazonAmazon S3 bucketData BreachData stolenDecember 2022EducationincidentsIncidents 2022Johns Hopkins UniversityMcGraw HillPersonally Identifiable InformationSoftware misconfigurationSource codeUniversity of California-Los AngelesUniversity of MichiganUniversity of TorontovpnMentor
0
VIEWS
ADVERTISEMENT

Related Posts

LockBit takes credit for November ransomware attack on Sacramento PBS station

LockBit takes credit for November ransomware attack on Sacramento PBS station

February 2, 2023
Black and White Cabs booking service offline after cyber attack

Black and White Cabs booking service offline after cyber attack

February 2, 2023
Over 1,800 Android phishing forms for sale on cybercrime market

Over 1,800 Android phishing forms for sale on cybercrime market

February 2, 2023
‘Global markets’ impacted by ransomware attack on financial software company

‘Global markets’ impacted by ransomware attack on financial software company

February 2, 2023

More Articles

Stare Into the Lights My Pretties (2017)

March 12, 2021
Incidents

Virginia County Confirms Personal Information Stolen in Ransomware Attack

November 30, 2022

Hundreds of Thousands of Users’ Information Compromised in Digital Marketing Company Data Breach

August 5, 2021
Quotes

“A computer lets you make more mistakes…”

November 13, 2020

Security through data

Cybersecurity Domains

  • API Security
  • Business Continuity
  • Career Development
  • Compliance
  • Cryptography
  • HSM
  • KPIs / KRIs
  • Penetration Testing
  • Shift Left
  • Vulnerability Scan

Emerging Technologies

  • 5G
  • Artificial Intelligence
  • Blockchain
  • Cryptocurrency
  • Deepfake
  • E-Commerce
  • Healthcare
  • IoT
  • Quantum Computing

Frameworks

  • CIS Controls
  • CCPA
  • GDPR
  • NIST
  • 23 NYCRR 500
  • HIPAA

Repository

  • Books
  • Certifications
  • Definitions
  • Documents
  • Entertainment
  • Quotes
  • Reports

Threats

  • APTs
  • DDoS
  • Insider Threat
  • Malware
  • Phishing
  • Ransomware
  • Social Engineering

© 2023 | CyberMaterial | All rights reserved.

World’s #1 Cybersecurity Repository

  • About
  • Legal and Privacy Policy
  • Site Map
No Result
View All Result
  • Audience
    • Cyber Citizens
    • Cyber Professionals
    • Institutions
  • Highlights
    • Blog
    • CyberDecoded
    • Cyber Review
    • CyberStory
    • CyberTips
  • Cyber Risks
    • Alerts
    • Attackers
    • Domains
    • Incidents
    • Threats
  • Opportunities
    • Events
    • Jobs
  • Repository
    • Books
    • Certifications
    • Cheat Sheets
    • Courses
    • Definitions
    • Frameworks
    • Games
    • Hardware Tools
    • Memes
    • Movies
    • Papers
    • Podcasts
    • Quotes
    • Reports
  • Report Cyber Incident
  • GET HELP

Subscribe to our newsletter

© 2022 Cybermaterial - Security Through Data .

Welcome Back!

Sign In with Google
Sign In with Linked In
OR

Forgotten Password? Sign Up

Create New Account!

Sign Up with Google
Sign Up with Linked In
OR

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.