Wyzant online tutoring platform suffers data breach

Wyzant has revealed a data breach which has led to the compromise of user data including Facebook profile information.

In an email sent to customers and seen by Hacker News, the online marketplace -- which can be used to find tutors for 1-on-1 lessons in hundreds of subjects -- said that an "anomaly" on a single database was found on May 2, 2019.

See also: Failed blackmail attempt prompts hackers to leak ocean of data belonging to major companies

This 'anomaly' prompted further investigation, leading to the discovery of a cyberattacker who managed to infiltrate Wyzant systems on April 27, 2019. The unknown threat actor was able to gain access to some of the personally identifiable information (PII) of users.

The information which may have been stolen includes names, email addresses, and ZIP codes. The Facebook profile pictures of users who chose to sign into Wyzant using their social network account were also placed at risk, of which such cross-platform connections may be useful in phishing campaigns.

TechRepublic: Why older employees are less likely to get tricked by phishing attacks

However, the tutoring platform does not believe that passwords, activity records, or financial information have been involved in the data breach.

It is not known how many users are impacted or whether or not the security incident has involved both students and tutors. Wyzant accounts for over two million registered users and over 80,000 instructors.

The company has patched the underlying problem, according to the publication, which suggests a security flaw or vulnerability may have been at fault. An audit and investigation are now underway.

CNET: Stolen or lost Android phone? Here's how to get it back

"Wyzant has implemented additional security measures designed to prevent a recurrence of such an attack and to protect the privacy of our valued customers," Wyzant said. "This includes reviewing our security processes and protocols. We are also working closely with law enforcement to ensure the incident is properly addressed."

ZDNet has reached out to Wyzant with additional queries and will update if we hear back. 

These are the worst hacks, cyberattacks, and data breaches of 2018

Previous and related coverage

• Hackers lurked in Citrix systems for six months
  
• Georgia Tech reveals data breach, 1.3 million records exposed
  
• Hackers steal card data from 201 online campus stores from Canada and the US
  

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0