MOQdigital's education software subsidiary SkoolBag has told customers that encrypted login credentials from its platform were distributed on hacker forums as part of a collection of globally hacked data.
The breach was uncovered a few weeks ago as part of a trove of user information shared around hacking forums dubbed Collection #1. The collection contains more than one billion unique combinations of email addresses and passwords collected from thousands of different sources, according to security researcher Troy Hunt.
SkoolBag said that a limited group of its users' email addresses and encrypted passwords were contained within Collection #1, however, its security team hasn't found any evidence of unauthorised activity on the platform.
"As soon as SkoolBag was aware of the issue, it took immediate steps to engage data security experts and further secure the platform," the company said in a statement.
The company said it didn't consider the incident to be an "eligible breach" under the Notifiable Data Breaches scheme introduced in 2017 which requires organisations with a turnover of more than $3 million to disclose users of data breaches within 30 days. SkoolBag said there was no evidence to suggest the breach would result in serious harm due to the nature of the breach as well as the "extensive remediation actions undertaken."
"SkoolBag is committed to providing a safe and secure platform for all users. Throughout 2018 it made several security and technology enhancements to the platform. SkoolBag has implemented and continues to implement, additional security measures to secure the platform. It has notified individual users who may have been affected, as well as sharing further information for all users on its website," the company said in a statement.
SkoolBag providers a software-as-a-service platform for the education and childcare sector, allowing customers to communicate with parents or club members through a personalised smartphone or web application. MOQ bought SkoolBag for $3 million back in 2016.