Brightly warns of SchoolDude data breach exposing credentials
Brightly warns of SchoolDude data breach exposing credentials
By Sergiu Gatlan
May 11, 2023 04:25 PM 2
Brightly
U.S. tech company and Siemens subsidiary Brightly Software is notifying customers that their personal information and credentials were stolen by attackers who gained access to the database of its SchoolDude online platform.
SchoolDude is a cloud-based platform for managing work orders used by over 7,000 colleges, universities, and K-12 schools from school districts of up to 600,000 students.
The companies' other SaaS solutions are being used by more than 12,000 organizations worldwide, most from the United States, Canada, the United Kingdom, and Australia.
"We at Brightly Software are writing to let you know about a recent security incident affecting an account you have on our SchoolDude application (schooldude.com), an online platform used by educational institutions for placing and tracking maintenance work orders," Brightly told affected SchoolDude users.
"The incident involved an unauthorized actor obtaining certain account information from the SchoolDude user database."
The company believes the threat actors have stolen customer account information, including names, email addresses, account passwords, phone numbers (where available), and school district names.
Brightly data breach letter
Brightly data breach letter (BleepingComputer)
Brightly also reset the passwords of all SchoolDude users, who will now have to choose a new password after clicking "Forgot Login Name or Password?" on login.schooldude.com.
"Because passwords were affected in this incident, we are writing to remind you of the importance of using a strong and unique password for each online account you maintain," the SaaS provider added.
"If you are currently using your SchoolDude password for any other online account, we recommend that you promptly change your passwords on those other accounts."
After detecting the incident, Brightly reported the breach to the relevant law enforcement authorities and hired third-party security experts to investigate the attack.
According to a notification filed with the Office of Maine's Attorney General, the attackers infiltrated Brightly's systems on April 20 and were discovered on April 28.
The same notification reveals that the data breach affected 2,964,292 SchoolDude customers and users.
In a statement shared with BleepingComputer via email, a Brightly spokesperson didn't provide any additional details besides those provided in the letters sent to customers.
Update: Added breach date and the number of affected individuals.
By Sergiu Gatlan
May 11, 2023 04:25 PM 2
Brightly
U.S. tech company and Siemens subsidiary Brightly Software is notifying customers that their personal information and credentials were stolen by attackers who gained access to the database of its SchoolDude online platform.
SchoolDude is a cloud-based platform for managing work orders used by over 7,000 colleges, universities, and K-12 schools from school districts of up to 600,000 students.
The companies' other SaaS solutions are being used by more than 12,000 organizations worldwide, most from the United States, Canada, the United Kingdom, and Australia.
"We at Brightly Software are writing to let you know about a recent security incident affecting an account you have on our SchoolDude application (schooldude.com), an online platform used by educational institutions for placing and tracking maintenance work orders," Brightly told affected SchoolDude users.
"The incident involved an unauthorized actor obtaining certain account information from the SchoolDude user database."
The company believes the threat actors have stolen customer account information, including names, email addresses, account passwords, phone numbers (where available), and school district names.
Brightly data breach letter
Brightly data breach letter (BleepingComputer)
Brightly also reset the passwords of all SchoolDude users, who will now have to choose a new password after clicking "Forgot Login Name or Password?" on login.schooldude.com.
"Because passwords were affected in this incident, we are writing to remind you of the importance of using a strong and unique password for each online account you maintain," the SaaS provider added.
"If you are currently using your SchoolDude password for any other online account, we recommend that you promptly change your passwords on those other accounts."
After detecting the incident, Brightly reported the breach to the relevant law enforcement authorities and hired third-party security experts to investigate the attack.
According to a notification filed with the Office of Maine's Attorney General, the attackers infiltrated Brightly's systems on April 20 and were discovered on April 28.
The same notification reveals that the data breach affected 2,964,292 SchoolDude customers and users.
In a statement shared with BleepingComputer via email, a Brightly spokesperson didn't provide any additional details besides those provided in the letters sent to customers.
Update: Added breach date and the number of affected individuals.