Wyzant online tutoring platform suffers data breach
Wyzant has revealed a data breach which has led to the compromise of user data including Facebook profile information.
In an email sent to customers and seen by Hacker News, the online marketplace — which can be used to find tutors for 1-on-1 lessons in hundreds of subjects — said that an “anomaly” on a single database was found on May 2, 2019.
This ‘anomaly’ prompted further investigation, leading to the discovery of a cyberattacker who managed to infiltrate Wyzant systems on April 27, 2019. The unknown threat actor was able to gain access to some of the personally identifiable information (PII) of users.
The information which may have been stolen includes names, email addresses, and ZIP codes. The Facebook profile pictures of users who chose to sign into Wyzant using their social network account were also placed at risk, of which such cross-platform connections may be useful in phishing campaigns.
However, the tutoring platform does not believe that passwords, activity records, or financial information have been involved in the data breach.
It is not known how many users are impacted or whether or not the security incident has involved both students and tutors. Wyzant accounts for over two million registered users and over 80,000 instructors.
The company has patched the underlying problem, according to the publication, which suggests a security flaw or vulnerability may have been at fault. An audit and investigation are now underway.
“Wyzant has implemented additional security measures designed to prevent a recurrence of such an attack and to protect the privacy of our valued customers,” Wyzant said. “This includes reviewing our security processes and protocols. We are also working closely with law enforcement to ensure the incident is properly addressed.”
ZDNet has reached out to Wyzant with additional queries and will update if we hear back.
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0