Passwords were hashed but user details are for sale on the dark web.

The account details of millions of subscribers to the education platform Edmodo have not only been stolen but are also being offered for sale on the dark web, according to a post on Motherboard.

The platform is used by more than 78 million teachers, students and parents to compose lesson plans, make homework assignments and carry out other tasks.

Breach notification website LeakBase provided Motherboard with a sample of more than two million records, which included usernames, email addresses and hashed passwords. 

The good news is that the passwords apparently are hashed with the bcrypt algorithm and salted with a string of random characters, which likely will make it more difficult for hackers to obtain users' login credentials. And, when staffers at Motherboard attempted to open Edmodo accounts using some of the purloined data, they were unsuccessful because the addresses were already linked to Edmodo accounts, the report explained.

The bad news is that at least a portion of the database is up for sale on the dark web marketplace Hansa for $1,000. The seller, going under the name nclay, said s/he was in possession of 77 million accounts. LeakBase reported that 40 million of those come with an email address.

"Edmodo has learned about a potential security incident," a company spokesperson told Motherboard in an email. "Protecting the privacy of our users is of the utmost importance to Edmodo. We take this report very seriously and we are investigating."