Apps from Indian IT company Appscook endanger user data, including the personal data of minors.
Research by Cyber news found that the company, which has developed 96 school-specific apps, many of which are used in 600 Indian and Sri Lankan schools for education management, including parent communication and student performance, may have missed some crucial security issues.
Now it appears a leak has been published on DigitalOcean that contains some pretty serious personally identifiable information about children, and the consequences could be dire.
Data about children has been leaked from school apps developed in India
According to Cybernews, the information includes students’ names, parents’ names, photos of students attending kindergartens, primary and secondary schools, names of schools children attend, birth certificates, school fee receipts, student report cards/exam results, home addresses and telephone numbers.
System misconfiguration is believed to be to blame, rather than a targeted cyber attack. More than half a million children use the app, and about twice as many parents and guardians.
Cybernews Information Security researcher Vincentas Baubonis said: “The leaked data on minors could have serious consequences as this information could put children in physical danger by revealing their daily whereabouts. It can also be used by someone with malicious intent to impersonate school officials or manipulate children and parents.”
Although the risk of digital fraud among minors is lower, the threat of personal attacks, including exploitation, is very real. Cybernews also noted the rise of cryptocurrency in the illegal data market, which helps maintain the anonymity of attackers.
Ny Breaking has asked Appscook to share more information about the extent of the breach and more information about the corrective actions it is taking, but has not yet received a response.