Cybernews researchers have discovered a misconfigured database on the LectureNotes Learning App, which has exposed the data of over 2 million student users on the internet.
LectureNotes, which enables faculties to share notes with students via web, Android, and iOS, leaked 2,165,139 records, including username, first name, last name, email, password (encrypted), phone number, IP address, user-agent, session tokens, and administrator authorization IDs.
“The exposure of session tokens poses a severe threat, potentially allowing a potential attacker to illicitly access user sessions without requiring passwords,” Cybernews researchers wrote.
The news comes just weeks after Cybernews researchers and Bob Dyachenko of SecurityDiscovery.com discovered the Mother of All Breaches (MOAB) in January, which featured 26 billion leaked records from popular services like Twitter, Dropbox, LinkedIn, Adobe, Canva, and Telegram.
How the LectureNotes Leak Happened
This incident occurred due to a simple misconfiguration, which caused the MongoDB database to update in real time, exposing user data and current user sessions. It was through this simple error that Cybernews discovered the information online.
Unfortunately, this database misconfiguration is not the only one of its kind. Back in 2021, Group-IB researchers conducted a study and found that there were 308,000 databases exposed on the open web.
Patrick Tiquet, vice president of security and architecture at Keeper Security, warned that this was a significant leak, telling Techopedia:
“The severity of this data breach is significantly heightened because of the personal details and critical administrator credentials that were part of the compromised data.
“The immediate concern is the potential exploitation of this exposed data, which could lead to various malicious activities such as identity theft, phishing attacks and unauthorized access to user accounts.
“Current and former users of LectureNotes should assume they’ve already been breached and act accordingly.”
Phishing attacks are one of the most pressing concerns because a threat actor could use the leaked information to target an individual with a fake email that gives the user a link to update their account details and directs them to a spoofed website.
Many compromised accounts may also have used the same password for other services, so students are urged to change passwords elsewhere or use a secure password manager.
At the same time, Cybernews noted that session tokens could potentially be used to access accounts without the need for a password.
Mitigating the LectureNotes Fallout
Given the information leaked, it’s a good idea for users to act quickly to ensure they are protected from any risks.
“Proactive steps individuals can take include changing login information for their account with LectureNotes, getting a dark web monitoring service, monitoring or freezing their credit, and practising good cyber hygiene,” Tiquet said.
Tiquet also said users can take other measures, including selecting strong and unique passwords for each account, enabling multi-factor authentication (MFA), keeping software up-to-date, and being careful what they click on.
This can also be combined with measures such as downloading a top antivirus service and using a good VPN provider to make it harder for threat actors to compromise your device and eavesdrop on your activity.
Above all, being vigilant against phishing emails is one of the best defences that users can incorporate into their basic cyber hygiene. This means not clicking on links or attachments from unknown senders and double-checking communications for high-pressure language and spelling mistakes.
While users can’t prevent themselves from falling victim to breaches due to exposed databases or vendor mistakes, they can safeguard their personal information, accounts, and machines to make their data much more difficult to access on their side.
LectureNotes users should react quickly to the reported leak to make sure they’re insulated against potential risks.
MongoDB databases are a popular target for attackers because they are a potential goldmine for high-value information. The fact this information was readily available online could mean that it was exposed to malicious actors.
The key take-home is that users should update their passwords and keep an eye out for phishing emails just in case a hacker tries to target them. This is a case where it’s better to be safe than sorry.