Led by Noam Rotem and Ran Locar,vpnMentor’sresearch team discovereda data breach belonging to the e-Learning platform OneClass.
But rare are these times.
Some affected parties deny the facts, disregarding our research, or playing down its impact.
So, we need to be thorough andmake sure everything we find is correct and accurate.
Based on this, we doubt the veracity of OneClass’s claim andstand by our assessment.
We once again reached out to OneClass to show further proof of our findings.
However, we received no further replies from the company.
Based on our team’s discovery, however, this was not the case.
The impact on their victims could be devastating.
Such outcomes could take considerable time and even result in fines.
To learn about data vulnerabilities in general,read ourcomplete guide to online privacy.
Each detected weakness is subsequently analyzed for any potential data leakage.
Our team was able to access this database because it was completely unsecured and unencrypted.
OneClass was using an Elasticsearch database hosted on AWS, which is ordinarily not designed for URL use.
As ethical hackers,we’re obliged to inform a companywhen we discover flaws in their online security.
The purpose of this web mapping project is to helpmake the internet safer for all users.
We then verify and report any submission deemed a legitimate threat to the publics safety.
We never sell, store, or expose any informationwe encounter during our security research.
This includes any information reported to us via The Leak Box.
Our ethical security research team has discovered and disclosed some of the most impactful data leaks in recent years.
[Publication date: 17.06.2020]
kindly, comment on how to improve this article.
