More than 3 Million SchoolDude User Accounts Exposed in Data Breach
Table of Contents
- By Steven
- May 18, 2023
SchoolDude is a cloud-based work management tool for school districts and other organizations throughout the United States. This software service is used by school employees and students to submit repair requests and manage those same requests. The software is used to handle serious repairs in schools all over, and it also manages some confidential data about employees. This information was just released in a serious data breach that included more than 3 million user accounts.
How Did the Attack Occur?
We have no way of knowing exactly how the data files were taken from SchoolDude, but we do know that the attackers involved were able to get user passwords that weren't encrypted. This is a serious concern because the information could be used for credential-stuffing attacks on other services across the internet.
What Information Was Viewed or Stolen?
Anyone whose SchoolDude account was exposed during this data breach loses their email, first and last name, their full account password, phone number, and the name of the school district they work at. The main concern with this breach is that passwords and email addresses were lost for so many different people. Attackers armed with so many different emails and passwords could attempt to use those credentials in different accounts to gain access to them. This is an attack technique known as credential stuffing, and it's a common way to get into banks, email addresses, crypto wallets, and more important accounts. Brightly reported this data breach and warned users of SchoolDude that they should watch out for such attacks in the future.
How Did SchoolDude Admit to the Breach?
The owners of SchoolDude filed a notice of breach with the Maine Attorney General's office explaining the nature of this data breach and what information was involved in the attack. The notice, as well as news outlets reporting on the breach, are the only way of knowing about this issue because individual letters aren't being sent out to the victims. Instead, the company reset the passwords of all the accounts, and users are being instructed to create new passwords to protect their accounts.
What Will Become of the Stolen Information?
While the hackers likely used the data to access SchoolDude accounts and gather as much additional information as they could immediately after the data breach, it's more likely that the stolen credentials will be used to access other accounts and services around the internet. Hackers will build a list of email addresses and passwords and attempt to access financial accounts, eWallet services, email addresses, crypto wallets, and more with the hopes that users utilize the same password for multiple services.
What Should Affected Parties Do in the Aftermath of the Breach?
If your data was taken during this breach, you should start changing the passwords for any other accounts that share a password with SchoolDude to protect yourself. Consider using a password management tool that enables you to have unique passwords for each of your account services, and you'll enjoy improved protection as a result. You should also make sure to monitor all your accounts in case anyone tries to access them or steal your identity.