[BreachExchange] SkoolBag secure says MOQ, after user creds found in massive dump

Destry Winant destry at riskbasedsecurity.com
Wed Jan 30 02:18:12 EST 2019


https://www.cio.com.au/article/656802/skoolbag-secure-says-moq-after-user-creds-found-massive-dump/

MOQ, the ASX-listed firm behind popular school communications tool
SkoolBag, says its app is secure following the discovery of user
credentials in a major dump of emails and passwords earlier this
month.

The company today confirmed a “limited number” of user email addresses
and encrypted passwords used to log in to the platform were among those
in the 87GB dump of credentials – dubbed Collection #1 – found on
file-upload service MEGA two weeks ago.

Security researcher Troy Hunt, the operator of Have I Been Pwned,
recently revealed details of Collection #1, which contains
1,160,253,228 unique combinations of email addresses and passwords.

The dump is made up of “many different individual data breaches from
literally thousands of different sources,” Hunt wrote.

MOQ today said that its SkoolBag security team “did not find any
evidence of use of or unauthorized activity on the SkoolBag platform”.

The SkoolBag app allows schools to communicate with parents with
alerts and in-app newsletters. It has more than 3,000 subscriptions
and claims to be “Australia’s leading school communication app”.

The company said it did not consider the breach to be an ‘eligible
breach’ under the government’s Notifiable Data Breach legislation,
which compels companies with an annual turnover of $3 million or more
to disclose information breaches that involve individuals’
personal information.

This is because “there is no evidence to suggest that the breach is
likely to result in serious harm to one or more individuals,” MOQ said
in its announcement to the ASX this morning.

“This is in part because of the nature of the information breached,
the remoteness of the harm to individuals likely to result, and due to
the extensive remediation actions undertaken,” MOQ added.

Nevertheless, potentially affected individuals have been notified and
additional security measures are being implemented, MOQ said.

