DEV Community

Cover image for Edmodo Data Breach Analysis
BreachDirectory
BreachDirectory

Posted on • Originally published at breachdirectory.com

Edmodo Data Breach Analysis

Preface

Edmodo, an educational technology company offering a communication, collaboration and coaching platform to K-12 schools and teachers, suffered a data breach in the spring of 2017. The stolen data includes usernames, email addresses and passwords. After the company found out about the data breach, they contracted third party cybersecurity experts to conduct a full analysis to determine how the hackers managed to access their system.

What data is at risk?

The breached Edmodo data includes IDs, usernames, email addresses and hashed and salted passwords. There are exactly 77,039,863 ID, username and email records - the whole database has 77,248,517 records meaning that we can make an assumption that the hash and salt fields have 208,654 records more.

Usernames

In this data breach, there are 504 records with empty username fields - these records do not have email addresses associated with them either, but they do have passwords. It could be that these accounts had those attributes, but were chosen to be deleted from the system, and instead of deleting entire rows, Edmodo simply chose to delete other data attributes leaving only IDs and passwords in the database. Perhaps it could have been a measure to log in the user by using Simple Sign On (SSO) - by using such a property a user could login with his user ID and a password to gain access to any of several related systems: as Edmodo is a cloud-based learning management application, that would make sense.

Here's the letters that usernames begin with:

# Letter that a username begins with User count
1 a 4,922,727
2 b 2,096,025
3 c 3,110,247
4 d 2,527,984
5 e 1,865,287
6 f 1,185,165
7 g 1,424,801
8 h 1,345,874
9 i 1,056,430
10 j 3,964,428
11 k 2,457,254
12 l 2,365,989
13 m 4,455,507
14 n 1,694,399
15 o 494,123
16 p 1,475,123
17 q 191,028
18 r 2,140,257
19 s 3,949,875
20 t 1,945,199
21 u 253,171
22 v 845,521
23 w 760,843
24 x 276,044
25 y 729,145
26 z 510,445

We can see that:

  • The most prevalent letter - a - has been used 4,922,727 times - that's approximately 6.37% of Edmodo users;
  • The letter a is followed by the letter m - the letter m has been used by approximately 5.77% of Edmodo users;
  • The letter m is followed by the letter s - the letter s has been used by approxmately 5.11% of Edmodo users;
  • The letter s is followed by the letter j - the letter j has been used by approximately 5.13% of Edmodo users;
  • The letter j is followed by the letter c - the letter c has been used by approximately 4.03% of Edmodo users.

The five most prevalent letters combined consume a little above a quarter - approximately 26.41% of Edmodo's user base.

Judging from the analysis, we can see that the least prevalent letter is q - the letter q has been used by approximately 0.25% of Edmodo users.

Here's the numbers that usernames begin with:

Number that a username begins with User count
0 517,760
1 1,442,167
2 835,546
3 439,890
4 347,110
5 303,248
6 229,003
7 240,434
8 220,547
9 278,843

We can see that the most prevalent number is 1 and the least prevalent number is 8 - the numbers have been used by 1.87% and 0.29% of Edmodo users respectively.

Email addresses

Here's the top 100 most frequently used email domains by Edmodo users:

# Email Domain User count Purpose / Country
1 33,044,473 None
2 gmail.com 15,806,574 Commercial / United States
3 hotmail.com 7,549,528 Commercial / United States
4 yahoo.com 6,087,578 Commercial / United States
5 aol.com 455,198 Commercial / United States
6 yahoo.co.id 416,907 Indonesia
7 outlook.com 398,350 Commercial / United States
8 live.com 354,372 Commercial / United States
9 ymail.com 347,700 Commercial / United States
10 icloud.com 283,111 Commercial / United States
11 hotmail.es 217,006 Spain
12 comcast.net 159,545 Network Infrastructure
13 hotmail.co.uk 154,569 United Kingdom
14 rocketmail.com 128,987 Commercial / United States
15 students.ocps.net 111,647 Network Infrastructure
16 charterschoolsusa.com 105,010 Commercial / United States
17 education.nsw.gov.au 101,821 Government
18 qq.com 94,113 Commercial / United States
19 ccpsnet.net 86,486 Network Infrastructure
20 yahoo.es 82,201 Spain
21 me.com 75,712 Commercial / United States
22 msn.com 75,643 Commercial / United States
23 live.com.mx 74,481 Mexico
24 outlook.es 70,691 Spain
25 att.net 69,316 Network Infrastructure
26 libero.it 68,869 Italy
27 sbcglobal.net 66,498 Network Infrastructure
28 mail.ru 63,589 Russia
29 HOTMAIL.COM 62,252 Commercial / United States
30 verizon.net 59,871 Network Infrastructure
31 hotmail.it 58,556 Italy
32 naver.com 58,078 Commercial / United States
33 GMAIL.COM 57,753 Commercial / United States
34 edmodo.com 54,696 Commercial / United States
35 email.com 50,426 Commercial / United States
36 det.nsw.edu.au 49,201 Education
37 bellsouth.net 48,169 Network Infrastructure
38 cps.edu 45,591 Education
39 Gmail.com 45,216 Commercial / United States
40 yahoo.co.uk 44,138 United Kingdom
41 facebook.com 43,879 Commercial / United States
42 gamil.com 43,853 Commercial / United States
43 yahoo.com.mx 43,161 Mexico
44 yahoo.com.ar 42,007 Argentina
45 hotmail.com.ar 41,620 Argentina
46 cox.net 41,348 Network Infrastructure
47 hotmail.fr 41,230 France
48 mail.com 39,805 Commercial / United States
49 yahoo.com.ph 37,512 The Philippines
50 k12.sd.us 36,330 Commercial / United States
51 aim.com 35,887 Commercial / United States
52 live.cvesd.org 32,078 Organization
53 live.co.uk 31,892 United Kingdom
54 yahoo.ca 31,633 Canada
55 student.gccisd.net 30,538 Network Infrastructure
56 YAHOO.COM 29,713 Commercial / United States
57 gmai.com 29,407 Commercial / United States
58 hotmail.ca 25,543 Canada
59 pgcps.org 25,477 Organization
60 cvusd.us 25,378 Commercial / United States
61 bigpond.com 24,727 Commercial / United States
62 yahoo.com.br 24,202 Brazil
63 hotmail.co.th 22,346 Thailand
64 live.com.ar 22,157 Argentina
65 yahoo.it 21,547 Italy
66 live.ca 21,369 Canada
67 live.it 20,323 Italy
68 alice.it 20,319 Italy
69 yahoo.com.sg 20,162 Singapore
70 yahoo.com.au 19,954 Australia
71 yahoo.fr 19,088 France
72 richland2.org 19,001 Organization
73 gmail.co 18,945 None, probably misspelled
74 charter.net 18,842 Network Infrastructure
75 s.dcsdk12.org 18,648 Organization
76 btinternet.com 18,368 Commercial / United States
77 163.com 17,876 Commercial / United States
78 googlemail.com 17,738 Commercial / United States
79 windowslive.com 17,725 Commercial / United States
80 live.com.au 17,706 Australia
81 sinadep.org.mx 17,229 Mexico
82 hotmai.com 16,772 Commercial / United States
83 edumail.vic.gov.au 16,616 Government
84 interact.ccsd.net 15,439 Network Infrastructure
85 Hotmail.com 15,261 Commercial / United States
86 yahoo.com.tw 15,007 Taiwan
87 yahoo.com.hk 14,548 Hong Kong
88 Yahoo.com 14,247 Commercial / United States
89 gmil.com 14,160 Commercial / United States
90 wcpss.net 13,899 Network Infrastructure
91 optonline.net 13,891 Network Infrastructure
92 dadeschools.net 13,809 Network Infrastructure
93 virgilio.it 13,650 Italy
94 rogers.com 13,640 Commercial / United States
95 gmail.con 13,425 None, probably misspelled
96 bluevalleyk12.net 13,273 Network Infrastructure
97 class.lps.org 13,004 Organization
98 gaggle.net 12,778 Network Infrastructure
99 ocps.net 12,722 Network Infrastructure
100 tiscali.it 12,399 Italy

If we would sum up the users with associated countries, we would see that:

  • There were 32,545,063 users who registered from domains that were associated either with commercial things or the United States - they would consume approximately 42.39% of the entire user base;
  • There were 416,907 users who registered from domains that were associated with Indonesia - they would consume approximately 0.54% of the entire user base;
  • There were 369,898 users who registered from domains that were associated with Spain - they would consume approximately 0.48% of the entire user base;
  • There were 230,599 users who registered from domains that were associated with the United Kingdom - they would consume approximately 0.30% of the entire user base;
  • There were 215,663 users who registered from domains that were associated with Italy - they would consume approximately 0.28% of the entire user base;
  • There were 105,784 users who registered from domains that were associated with Argentina - they would consume approximately 0.14% of the entire user base;
  • There were 78,545 users who registered from domains that were associated with Canada - they would consume approximately 0.10% of the entire user base;
  • There were 37,660 users who users who registered from domains that were associated with Australia - they would consume approximately 0.05% of the entire user base;
  • There were 24,202 users who users who registered from domains that were associated with Brazil - they would consume approximately 0.03% of the entire user base;
  • There were 22,346 users who users who registered from domains that were associated with Thailand - they would also consume approximately 0.03% of the entire user base.

We can take a look at email addresses that begin with letters:

# The letter that an email address begins with User count
1 a 4,177,039
2 b 1,617,909
3 c 2,440,735
4 d 2,158,671
5 e 1,508,873
6 f 1,022,878
7 g 1,190,749
8 h 1,004,437
9 i 813,638
10 j 3,034,518
11 k 1,807,369
12 l 2,053,627
13 m 3,716,961
14 n 1,448,014
15 o 407,113
16 p 1,278,578
17 q 90,056
18 r 1,898,765
19 s 3,051,807
20 t 1,544,602
21 u 137,093
22 v 675,295
23 w 580,737
24 x 130,296
25 y 585,655
26 z 335,051

We can see that:

  • The most prevalent letter is a followed by the letter m;
  • The letter m is followed by the letter s;
  • The letter s is followed by the letter j;
  • The letter j is followed by the letter c;
  • The least prevalent letter is q.

We can also take a look at email addresses that begin with numbers:

The number that an email address begins with User count
0 90,119
1 612,044
2 256,276
3 129,773
4 181,148
5 51,321
6 46,337
7 49,532
8 43,364
9 51,916

Here the most prevalent number is 1, the least prevalent number is 8.

Summary

The Edmodo data breach, while pretty worrying at first, was not that bad after all - even though more than 77 million people were put at risk, Edmodo had hashed their passwords with a very strong BCrypt password hashing algorithm and they also salted their customers' passwords making bulk password cracking not worth the time for potential attackers.

Top comments (0)