External Breached Credentials: Edmodo.com

Threat Level: Low

Threat Type: External Account Breach

Advisory Date: 07/13/2023

Description

In May 2017, the education platform Edmodo was hacked resulting in the exposure of 77 million records comprised of over 43 million unique customer email addresses. The data was consequently published to a popular hacking forum and made freely available. The records in the breach included usernames, email addresses and bcrypt hashes of passwords.

We have no indication at this time that any user passwords have been compromised, but we strongly recommend that all users reset their passwords as soon as possible.

Although the risk of passwords being cracked is relatively small (unless you had chosen a particularly poor password), Edmodo sensibly recommends that users change their passwords on other sites as well, if they were reusing the same password.

Resolution

If used the same password on Edmodo as other services, you are at risk if you used the same or similar password on Edmodo as for University of Regina accounts, online banking, or other accounts. If you did reuse passwords, it is recommended that you change your passwords as soon as possible.

As with any account credential, several precautions should be taken:
-Choose a totally unique password for each account, website, or service.
-Choose passwords to include a mix of letters, numbers, and symbols.
-Make your password long - the longer the better.
-Set up Two-Factor Authentication for all accounts which support it.

To change your University of Regina password, please visit: https://novapp.cc.uregina.ca/perl/chpass.pl .

For guidelines on creating strong passwords, please visit: http://www.uregina.ca/is/security/resources/resource-password.html .

Resources

For further resources on this password breach, please see:

Information Security Magazine: Learning Platform Edmodo Investigates Reports of Major Breach

Graham Cluley Computer Security News: Edmodo confirms hackers breached its education platform, stole user data and hashed passwords

Please note that the data included in this notification was acquired from an external source. The University of Regina makes no representations, guarantees, or warranties as to the accuracy, completeness, currency, or suitability of the information provided in this notification. The information is provided "as-is” for preventive and corrective purposes.

Please contact the University of Regina IT Support Centre if you have any questions or require assistance:

Webform http://www.uregina.ca/is/forms/ticket.html
Email IT.Support@uregina.ca
Phone 306-585-4685