Apps made by Indian IT company Appscook have been putting user data at risk, including the personal information of minors.
Research by Cybernews found the company, which has developed 96 school-specific apps, many of which are used across 600 Indian and Sri Lankan schools for education management, including parent communication and student performance, may have missed some vital security issues.
Now, a leak looks to have been published to DigitalOcean that includes some pretty serious personally identifiable information relating to children, and the consequences could be immense.
Child data leaked from Indian-developed school apps
According to Cybernews, the information includes students’ names, names of parents, pictures of students attending pre-primary, primary, and secondary schools, names of the schools children attend, birth certificates, fee receipts, student report cards/exam results, home addresses, and phone numbers.
It is believed that a system misconfiguration is to blame, rather than a targeted cyberattack. More than half a million children use the app, with around twice as many parents and guardians.
Cybernews Information Security Researcher Vincentas Baubonis said: “The leaked data about minors could have dire consequences, as this information can put children at physical risk by revealing their daily whereabouts. It can also be used by someone with malicious intent to impersonate school officials or manipulate children and parents.”
Although the risk of digital fraud is lower among minors, the threat of in-person attacks including exploitation is very real. Cybernews also noted the rise of cryptocurrency in the illegal data marketplace, which helps to preserve the anonymity of attackers.
TechRadar Pro has asked Appscook to share more information about the extent of the leak and for more information about the remedial measures it’s taking, but is yet to receive a response.