Social learning platform Edmodo says it’s investigating reports that millions of user account details are up for sale on the darknet.
The firm claims to be “the world's largest primary and secondary social learning community”, connecting learners with teachers and resources.
The San Mateo-based firm has over 78 million users, according to its website.
However, a hacker with the handle “nclay” claims to have 77 million of them and is trying to flog them on darknet site Hansa for a little over $1000, according to Motherboard.
Breached credentials site LeakBase now claims to have the vast majority of them on file: almost 70 million, according to a tweet late on Thursday.
The data apparently includes user names, email addresses and passwords hashed with bcrypt and salted, making them harder to crack but not impossible.
The news site has confirmed the authenticity of some of the accounts, which are said to have been stolen last month.
An Edmodo statement sent to the site claimed the firm “has learned about a potential security incident.”
"Protecting the privacy of our users is of the utmost importance to Edmodo. We take this report very seriously and we are investigating", it added.
If the facts check out, this will be just the latest in a long line of very public data breach incidents affecting some of the web’s most popular names.
At the top sits Yahoo, which suffered a breach of 500 million and then one billion records in two infamous incidents.
A report in January claimed a 40% increase in breaches last year, and Verizon’s newly released Data Breach Investigations Report (DBIR) claimed that of the 1945 breaches it studied, more than 20 involved the loss of over a million records.
Experts now urge organizations to assume they have been or will at some point in the future be successfully targeted. That means preparing now by developing an effective incident response plan.