In a Schoolzilla blog post, CEO and founder Lynzi Ziegenhagen said, “As soon as we learned of it, we immediately fixed the error and confirmed no one accessed any information, other than the researcher. Within a few days, the CEO personally contacted each client to relay the news. Vickery wrote that the company was quick to respond to his data breach notification ticket - and without shooting the messenger or accusing Vickery of being hacker. “After loading them into a local MSSQL instance I did some review and concluded that this was most likely real student data and did indeed come from Schoolzilla.” “I downloaded several of the production backups, the largest was titled ‘Web_Data_FULL’ and weighed in at 12 gigs,” he wrote. I discovered the bucket after noticing a few other unsecured buckets related to the Tableau data visualization platform.” He found an exposed bucket called “sz.tableau” and began looking for other “sz” iterations, only to find a repository for Schoolzilla’s database backups. In a recent Security Watch blog post, Vickery said that he discovered a file configuration error in an analysis of Schoolzilla, which “made the all too common mistake of configuring their cloud storage (an Amazon S3 bucket) for public access. Vickery currently runs the Security Watch blog for MacKeeper, an anti-virus software firm, and leads MacKeeper’s Analytical and Security Center.
The issue was uncovered by Chris Vickery, a white-hat computer security researcher best known for discovering an exposed database containing more than 191 million American voter registration records. Students, parents, teachers, administrators and others using the Schoolzilla data platform were recently informed of a security issue that made information for more than 1.3 million users vulnerable to hackers.