In yet another incident that points to Indian companies not taking privacy seriously enough, Gurugram-based online school management platform Skolaro has exposed data belonging to over 50K students studying in around 100 Indian schools, their parents as well as teachers, after storing its database in unsecured servers.
The database was first discovered by a UK-based cybersecurity researcher Roni Suchowski, who said it also has over 130K user ID and passwords which are lying unprotected on the database. Each of these user names belongs to a current or former user of Skolaro’s platform, and Suchowski said that anyone with basic knowledge of web development can easily take a look at the database.
Inc42 can confirm that the database contains usernames, passwords, age, blood group, religion, address, admission number, school name, date of birth, grades, profile image among other details. It also contains the medical history of some students, making it ripe for identity theft and other acts of crime.
“Hundreds of photographs of a single student are available on the database. I checked randomly and saw almost every day a picture of a kid indulged in some activity at some kindergarten,” said Suchowski. Moreover, personal details of teachers at Skolaro-partnered schools, including their salaries, were also exposed.