Wyzant online tutoring platform suffers data breach

The personal data of users and connected Facebook profile information may have been compromised.

The most hacked passwords: Is yours one of them? Your name, your favorite football team and your favourite band: The UK's National Cyber Security Centre has released a list of the 100,000 most common passwords to appear in data breaches. Read more: https://zd.net/2UYNnKP

Wyzant has revealed a data breach which has led to the compromise of user data including Facebook profile information.

In an email sent to customers and seen by Hacker News, the online marketplace -- which can be used to find tutors for 1-on-1 lessons in hundreds of subjects -- said that an "anomaly" on a single database was found on May 2, 2019.

See also: Failed blackmail attempt prompts hackers to leak ocean of data belonging to major companies

This 'anomaly' prompted further investigation, leading to the discovery of a cyberattacker who managed to infiltrate Wyzant systems on April 27, 2019. The unknown threat actor was able to gain access to some of the personally identifiable information (PII) of users.

The information which may have been stolen includes names, email addresses, and ZIP codes. The Facebook profile pictures of users who chose to sign into Wyzant using their social network account were also placed at risk, of which such cross-platform connections may be useful in phishing campaigns.

TechRepublic: Why older employees are less likely to get tricked by phishing attacks

However, the tutoring platform does not believe that passwords, activity records, or financial information have been involved in the data breach.

It is not known how many users are impacted or whether or not the security incident has involved both students and tutors. Wyzant accounts for over two million registered users and over 80,000 instructors.

The company has patched the underlying problem, according to the publication, which suggests a security flaw or vulnerability may have been at fault. An audit and investigation are now underway.

CNET: Stolen or lost Android phone? Here's how to get it back

"Wyzant has implemented additional security measures designed to prevent a recurrence of such an attack and to protect the privacy of our valued customers," Wyzant said. "This includes reviewing our security processes and protocols. We are also working closely with law enforcement to ensure the incident is properly addressed."

ZDNet has reached out to Wyzant with additional queries and will update if we hear back. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0