What happened?
In January 2019, a large collection of globally hacked data was discovered being distributed on a popular hacking forum. This collection has become known in the media as “Collection #1”. The data contained almost 2.7 billion records including 773 million unique email addresses and login credentials.
How was SkoolBag impacted?
The SkoolBag Security Team became aware that a group of SkoolBag login credentials (email addresses and encrypted passwords) existed within the “Collection #1” data set.
What steps did SkoolBag take in response?
As soon as we were made aware of the incident, the SkoolBag team took immediate steps to ensure the safety and security of the platform. This included but was not limited to:
- Resetting the passwords of all affected Admin users
- An audit of our internal systems to determine potential sources of the breach
- Engagement of specialised security consultants to do a complete audit of our systems.
- The application of new more stringent security processes to minimise the risk of future attack including:
  - New password encryption standards
  - New password policies for all users
- Notification made directly to all impacted users.
- Creation of a new privacy@skoolbag.com.au email address that all users can now use moving forward if they have any security concerns/questions that relate to our platform
What is SkoolBag doing about this going forward?
At SkoolBag we are always doing the best we can to ensure your data with us is safe and secure in our platform at all times. However, we also know the world moves fast and new threats are always on the horizon. To ensure we stay ahead of these threats we also do the following:
- Continuous monitoring for potential misuse of our systems.
- Regular security audits of our systems and processes.
- Continual investment in our system architecture
- Appointment of a dedicated “Privacy Officer”
- A continued commitment to our users of openness and transparency on these issues.
Was my information involved?
SkoolBag has notified, via email, each and every user whose account credentials are known to have been impacted. Please check to see if you have received an email from us titled “Important Data Security Announcement”.
If you did not receive an email but have reason to believe your account has been compromised you can email us directly at privacy@skoolbag.com.au to ensure it is investigated.
Even if you did not receive this email from us and are not involved in the “Collection #1” incident, we still suggest that you read our recommendations on how you can best secure all of your online accounts via strong and different passwords.
Were all users affected?
This security incident has impacted a limited subset of all SkoolBag users (Admin and Users). SkoolBag has contacted all affected users via email to make them aware.
Why am I being forced to update my password?
As part of our security review, we identified that many users had simplistic passwords. To ensure tighter security we have now enforced a password policy that includes a minimum of 8 characters, 2 uppercase and 1 numeral.
For example, “FunkyGibbon9”. This will ensure your password is harder to guess should any further attempts be made.
What other steps can I take?
There are some simple steps you can take as precautions to mitigate any threat of unauthorised use of your personal details. These include:
- Update all your passwords online to be a strong password using letters (both uppercase and lowercase), numbers and symbols.
- Ensure you use unique passwords on each system you use online. This ensures if one is compromised that your other data remains secure.
- Maintain a close watch on your email traffic to avoid potential phishing emails which might be attempting to access your personal information or seeking confirmation of logins.
- Be aware of telephone calls from businesses or institutions requesting your personal details.
- Avoid opening attachments from unknown senders on email or social media.
- Install and keep up-to-date anti-virus software on your machines.
- Backup your data including photos and music.