DIRECTORY

  • Alerts
  • APTs
  • Blog
  • Books
  • Certifications
  • Cheat Sheets
  • Courses
  • Cyber Briefing
  • CyberDecoded
  • CyberReview
  • CyberStory
  • CyberTips
  • Definitions
  • Domains
  • Entertainment
  • FAQ
  • Frameworks
  • Hardware Tools
  • Incidents
  • Malware
  • News
  • Papers
  • Podcasts
  • Quotes
  • Reports
  • Tools
  • Threats
  • Tutorials
No Result
View All Result
  • Login
  • Register
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
Get Help
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
No Result
View All Result
Get Help
CyberMaterial
Home Incidents

McGraw Hill’s S3 buckets exposed 100,000 students’ grades and personal info

December 20, 2022
Reading Time: 2 mins read
in Incidents

 

Misconfigured Amazon Web Services S3 buckets belonging to McGraw Hill exposed more than 100,000 students’ information as well as the education publishing giant’s own source code and digital keys, according to security researchers.

The research team at vpnMentor said they discovered the open S3 buckets on June 12, and contacted McGraw Hill a day later. One production bucket contained more than 47 million files and 12TB of data, and a second non-production bucket held more than 69 million files and 10TB of data, we’re told.

“In the limited sample we researched, we could see that the amount of records varied on each file from ten to tens of thousands students per file,” the researchers said. “Due to the amount of files exposed and because we only review a small sample following ethical rules, the actual total number of affected students could be far higher than our estimate.”

Overall, the buckets contained more than 22 TB of data and over 117 million files. It included students’ names, email addresses, performance reports and grades as well as teachers’ syllabi and course reading materials for US and Canadian students and schools such as Johns Hopkins University, University of California-Los Angeles, University of Toronto and University of Michigan.

Additionally, the data dump leaked private digital keys, which could have allowed miscreants to decrypt the publisher’s sensitive data and access its servers, plus McGraw Hill’s source code.

 

READ FULL ARTICLE

Tags: AmazonAmazon S3 bucketData BreachData stolenDecember 2022EducationincidentsIncidents 2022Johns Hopkins UniversityMcGraw HillPersonally Identifiable InformationSoftware misconfigurationSource codeUniversity of California-Los AngelesUniversity of MichiganUniversity of TorontovpnMentor
0
VIEWS
ADVERTISEMENT

Related Posts

Montclair: Restoration and Investigation

Montclair: Restoration and Investigation

June 8, 2023
Aer Lingus and Others Hit by Cyberattack

Aer Lingus and Others Hit by Cyberattack

June 8, 2023
LockBit: Ransomware Surge Claims 24 Victims

LockBit: Ransomware Surge Claims 24 Victims

June 8, 2023
Eisai Hit by Ransomware Attack

Eisai Hit by Ransomware Attack

June 8, 2023

More Articles

Podcast

The Cybersecurity Evangelist

September 21, 2022

Cybersecurity for Small Business

July 19, 2021
Course

Cybersecurity Training for Nonprofits

April 25, 2022
News

Austria Bans TikTok Over Privacy

May 12, 2023

Security through data

Cybersecurity Domains

  • API Security
  • Business Continuity
  • Career Development
  • Compliance
  • Cryptography
  • HSM
  • KPIs / KRIs
  • Penetration Testing
  • Shift Left
  • Vulnerability Scan

Emerging Technologies

  • 5G
  • Artificial Intelligence
  • Blockchain
  • Cryptocurrency
  • Deepfake
  • E-Commerce
  • Healthcare
  • IoT
  • Quantum Computing

Frameworks

  • CIS Controls
  • CCPA
  • GDPR
  • NIST
  • 23 NYCRR 500
  • HIPAA

Repository

  • Books
  • Certifications
  • Definitions
  • Documents
  • Entertainment
  • Quotes
  • Reports

Threats

  • APTs
  • DDoS
  • Insider Threat
  • Malware
  • Phishing
  • Ransomware
  • Social Engineering

© 2023 | CyberMaterial | All rights reserved.

World’s #1 Cybersecurity Repository

  • About
  • Legal and Privacy Policy
  • Site Map
No Result
View All Result
  • Audience
    • Cyber Citizens
    • Cyber Professionals
    • Institutions
  • Highlights
    • Blog
    • CyberDecoded
    • Cyber Review
    • CyberStory
    • CyberTips
  • Cyber Risks
    • Alerts
    • Attackers
    • Domains
    • Incidents
    • Threats
  • Opportunities
    • Events
    • Jobs
  • Repository
    • Books
    • Certifications
    • Cheat Sheets
    • Courses
    • Definitions
    • Frameworks
    • Games
    • Hardware Tools
    • Memes
    • Movies
    • Papers
    • Podcasts
    • Quotes
    • Reports
  • Report Cyber Incident
  • GET HELP

Subscribe to our newsletter

© 2022 Cybermaterial - Security Through Data .

Welcome Back!

Sign In with Google
Sign In with Linked In
OR

Forgotten Password? Sign Up

Create New Account!

Sign Up with Google
Sign Up with Linked In
OR

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.