Publishing giant Scholastic hit by hackers, data on 8 million people stolen

News
By
published

Millions of email addresses and other information taken

Red padlock open on electric circuits network dark red background
(Image credit: Shutterstock/Chor muang)
  • Hacker tells media they broke into publishing giant Scholastic
  • They then stole sensitive information on millions of people
  • The data will not be made public, and was stolen "for fun", hacker says

Publishing and media giant Scholastic has allegedly suffered a cyberattack in which it lost sensitive information on millions of people.

A hacker going by the alias “Parasocial” claims to have stolen the data through an employee portal, including people’s names, email addresses, phone numbers, and postal addresses, for US customers and “education contacts”. This latter group makes up roughly a million, out of a total eight million entries.

In its report, Daily Dot says the database contains more than four million unique email addresses. Furthermore, Parasocial provided its researchers with a sample, from which they were able to deduce that the data is legitimate. They did not reach out to the people directly, but came to some conclusions after reading their LinkedIn information and other social media accounts.

Authentic sample

Scholastic is known for its books, educational materials, and popular series like Harry Potter, The Hunger Games, and Goosebumps. Parents, teachers, and administrators, can sign up for an account on the platform. Parents need to enter full data on their children, and teachers need to list the school they work for.

The attacker said their motives were simple entertainment, and that they will not be publishing the archives on the internet.

“To Scholastic; lol get pwned. This is a lesson to be learned the hard way. Don’t let your customers take the hit for your security failures, use MFA,” Daily Dot cited Parasocial as saying, adding they would have taken even more information, but were stopped by the server’s export limits.

In a statement to the Daily Dot, a representative for Scholastic said the company was investigating the claim.

“Scholastic takes the security of our customers’ data seriously with extensive systems and protocols, and are investigating this claim thoroughly,” they said.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.