- Hacker tells media he broke into publishing giant Scholastic
- They then stole sensitive information from millions of people
- Data will not be made public and was stolen ‘for fun’, hacker says
Publishing and media giant Scholastic reportedly suffered a cyberattack in which it lost sensitive information about millions of people.
A hacker known as “Parasocial” claims to have stolen data through a portal of employees, including the names, email addresses, phone numbers and postal addresses, of U.S. customers and “educational contacts.” This last group represents around one million, out of a total of eight million entries.
In his report, Daily update says the database contains more than four million unique email addresses. Additionally, Parasocial provided its researchers with a sample, from which they were able to infer that the data is legitimate. They didn’t contact people directly, but came to some conclusions after reading their information on LinkedIn and other social media accounts.
Authentic sample
Scholastic is known for its popular books, educational materials, and series like Harry Potter, The Hunger Games, and Goosebumps. Parents, teachers and administrators can create an account on the platform. Parents must enter complete data about their children and teachers must indicate the school they work for.
The attacker said his motives were simple entertainment and that he would not post the archive on the internet.
“To scholasticism; lol, be pwned. It’s a lesson to learn the hard way. Don’t let your customers suffer the consequences of your security breaches, use MFA”, Daily update cited Parasocial, adding that they would have taken even more information, but were stopped by the server’s export limits.
In a statement to Daily updatea Scholastic representative said the company was investigating the claim.
“Scholastic takes the security of our customers’ data seriously with extensive systems and protocols, and is fully investigating this claim,” they said.
