Edmodo, an educational technology company offering a communication, collaboration and coaching platform to K-12 schools and teachers, suffered a data breach in the spring of 2017. The stolen data includes usernames, email addresses and passwords. After the company found out about the data breach, it contracted third-party cybersecurity experts to conduct a full analysis to determine how the hackers managed to access its system.
The breached Edmodo data includes IDs, usernames, email addresses and hashed and salted passwords. There are exactly 77,039,863 ID, username and email records. The whole database has 77,248,517 records, so we can assume that the hash and salt fields account for 208,654 more records.
In this data breach, there are 504 records with empty username fields. These records do not have email addresses associated with them either, but they do have passwords. It could be that these accounts once had those attributes and were later marked for deletion, and that instead of deleting entire rows, Edmodo simply cleared the other attributes, leaving only IDs and passwords in the database. Perhaps it was a measure to log the user in through Single Sign-On (SSO): with SSO, a user could log in with a user ID and a password to gain access to any of several related systems. As Edmodo is a cloud-based learning management application, that would make sense.
Here are the letters that usernames begin with:
# | Letter that a username begins with | User count |
---|---|---|
1 | a | 4,922,727 |
2 | b | 2,096,025 |
3 | c | 3,110,247 |
4 | d | 2,527,984 |
5 | e | 1,865,287 |
6 | f | 1,185,165 |
7 | g | 1,424,801 |
8 | h | 1,345,874 |
9 | i | 1,056,430 |
10 | j | 3,964,428 |
11 | k | 2,457,254 |
12 | l | 2,365,989 |
13 | m | 4,455,507 |
14 | n | 1,694,399 |
15 | o | 494,123 |
16 | p | 1,475,123 |
17 | q | 191,028 |
18 | r | 2,140,257 |
19 | s | 3,949,875 |
20 | t | 1,945,199 |
21 | u | 253,171 |
22 | v | 845,521 |
23 | w | 760,843 |
24 | x | 276,044 |
25 | y | 729,145 |
26 | z | 510,445 |
We can see that:
The five most prevalent letters combined account for a little above a quarter of Edmodo’s user base, approximately 26.41%.
The least prevalent letter is q, which has been used by approximately 0.25% of Edmodo users.
Here are the numbers that usernames begin with:
Number that a username begins with | User count |
---|---|
0 | 517,760 |
1 | 1,442,167 |
2 | 835,546 |
3 | 439,890 |
4 | 347,110 |
5 | 303,248 |
6 | 229,003 |
7 | 240,434 |
8 | 220,547 |
9 | 278,843 |
We can see that the most prevalent number is 1 and the least prevalent number is 8 – the numbers have been used by 1.87% and 0.29% of Edmodo users respectively.
Here are the top 100 most frequently used email domains by Edmodo users:
# | Email Domain | User count | Purpose / Country |
---|---|---|---|
1 | (empty) | 33,044,473 | None |
2 | gmail.com | 15,806,574 | Commercial / United States |
3 | hotmail.com | 7,549,528 | Commercial / United States |
4 | yahoo.com | 6,087,578 | Commercial / United States |
5 | aol.com | 455,198 | Commercial / United States |
6 | yahoo.co.id | 416,907 | Indonesia |
7 | outlook.com | 398,350 | Commercial / United States |
8 | live.com | 354,372 | Commercial / United States |
9 | ymail.com | 347,700 | Commercial / United States |
10 | icloud.com | 283,111 | Commercial / United States |
11 | hotmail.es | 217,006 | Spain |
12 | comcast.net | 159,545 | Network Infrastructure |
13 | hotmail.co.uk | 154,569 | United Kingdom |
14 | rocketmail.com | 128,987 | Commercial / United States |
15 | students.ocps.net | 111,647 | Network Infrastructure |
16 | charterschoolsusa.com | 105,010 | Commercial / United States |
17 | education.nsw.gov.au | 101,821 | Government |
18 | qq.com | 94,113 | Commercial / United States |
19 | ccpsnet.net | 86,486 | Network Infrastructure |
20 | yahoo.es | 82,201 | Spain |
21 | me.com | 75,712 | Commercial / United States |
22 | msn.com | 75,643 | Commercial / United States |
23 | live.com.mx | 74,481 | Mexico |
24 | outlook.es | 70,691 | Spain |
25 | att.net | 69,316 | Network Infrastructure |
26 | libero.it | 68,869 | Italy |
27 | sbcglobal.net | 66,498 | Network Infrastructure |
28 | mail.ru | 63,589 | Russia |
29 | HOTMAIL.COM | 62,252 | Commercial / United States |
30 | verizon.net | 59,871 | Network Infrastructure |
31 | hotmail.it | 58,556 | Italy |
32 | naver.com | 58,078 | Commercial / United States |
33 | GMAIL.COM | 57,753 | Commercial / United States |
34 | edmodo.com | 54,696 | Commercial / United States |
35 | email.com | 50,426 | Commercial / United States |
36 | det.nsw.edu.au | 49,201 | Education |
37 | bellsouth.net | 48,169 | Network Infrastructure |
38 | cps.edu | 45,591 | Education |
39 | Gmail.com | 45,216 | Commercial / United States |
40 | yahoo.co.uk | 44,138 | United Kingdom |
41 | facebook.com | 43,879 | Commercial / United States |
42 | gamil.com | 43,853 | Commercial / United States |
43 | yahoo.com.mx | 43,161 | Mexico |
44 | yahoo.com.ar | 42,007 | Argentina |
45 | hotmail.com.ar | 41,620 | Argentina |
46 | cox.net | 41,348 | Network Infrastructure |
47 | hotmail.fr | 41,230 | France |
48 | mail.com | 39,805 | Commercial / United States |
49 | yahoo.com.ph | 37,512 | The Philippines |
50 | k12.sd.us | 36,330 | Commercial / United States |
51 | aim.com | 35,887 | Commercial / United States |
52 | live.cvesd.org | 32,078 | Organization |
53 | live.co.uk | 31,892 | United Kingdom |
54 | yahoo.ca | 31,633 | Canada |
55 | student.gccisd.net | 30,538 | Network Infrastructure |
56 | YAHOO.COM | 29,713 | Commercial / United States |
57 | gmai.com | 29,407 | Commercial / United States |
58 | hotmail.ca | 25,543 | Canada |
59 | pgcps.org | 25,477 | Organization |
60 | cvusd.us | 25,378 | Commercial / United States |
61 | bigpond.com | 24,727 | Commercial / United States |
62 | yahoo.com.br | 24,202 | Brazil |
63 | hotmail.co.th | 22,346 | Thailand |
64 | live.com.ar | 22,157 | Argentina |
65 | yahoo.it | 21,547 | Italy |
66 | live.ca | 21,369 | Canada |
67 | live.it | 20,323 | Italy |
68 | alice.it | 20,319 | Italy |
69 | yahoo.com.sg | 20,162 | Singapore |
70 | yahoo.com.au | 19,954 | Australia |
71 | yahoo.fr | 19,088 | France |
72 | richland2.org | 19,001 | Organization |
73 | gmail.co | 18,945 | None, probably misspelled |
74 | charter.net | 18,842 | Network Infrastructure |
75 | s.dcsdk12.org | 18,648 | Organization |
76 | btinternet.com | 18,368 | Commercial / United States |
77 | 163.com | 17,876 | Commercial / United States |
78 | googlemail.com | 17,738 | Commercial / United States |
79 | windowslive.com | 17,725 | Commercial / United States |
80 | live.com.au | 17,706 | Australia |
81 | sinadep.org.mx | 17,229 | Mexico |
82 | hotmai.com | 16,772 | Commercial / United States |
83 | edumail.vic.gov.au | 16,616 | Government |
84 | interact.ccsd.net | 15,439 | Network Infrastructure |
85 | Hotmail.com | 15,261 | Commercial / United States |
86 | yahoo.com.tw | 15,007 | Taiwan |
87 | yahoo.com.hk | 14,548 | Hong Kong |
88 | Yahoo.com | 14,247 | Commercial / United States |
89 | gmil.com | 14,160 | Commercial / United States |
90 | wcpss.net | 13,899 | Network Infrastructure |
91 | optonline.net | 13,891 | Network Infrastructure |
92 | dadeschools.net | 13,809 | Network Infrastructure |
93 | virgilio.it | 13,650 | Italy |
94 | rogers.com | 13,640 | Commercial / United States |
95 | gmail.con | 13,425 | None, probably misspelled |
96 | bluevalleyk12.net | 13,273 | Network Infrastructure |
97 | class.lps.org | 13,004 | Organization |
98 | gaggle.net | 12,778 | Network Infrastructure |
99 | ocps.net | 12,722 | Network Infrastructure |
100 | tiscali.it | 12,399 | Italy |
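
The table above counts case variants (`GMAIL.COM`, `Gmail.com`) and misspellings (`gamil.com`, `gmail.con`) as separate domains, which matters when breach notifications have to reach the affected users. The following is an added example, not code from the original article: it merges case variants and flags domains one edit away from a major provider, with the provider list, the one-edit threshold and the allowlist of legitimate look-alikes being assumptions made here.

```python
from collections import Counter

PROVIDERS = ("gmail.com", "hotmail.com", "yahoo.com")
# Assumed allowlist: real providers that sit one edit from a major one.
LEGIT_NEIGHBOURS = {"ymail.com", "mail.com"}
# (domain, user count) rows copied from the table above.
ROWS = [("gmail.com", 15806574), ("GMAIL.COM", 57753), ("Gmail.com", 45216),
        ("gamil.com", 43853), ("gmai.com", 29407), ("gmail.co", 18945),
        ("gmil.com", 14160), ("gmail.con", 13425), ("ymail.com", 347700),
        ("mail.com", 39805), ("hotmail.com", 7549528), ("HOTMAIL.COM", 62252),
        ("Hotmail.com", 15261), ("hotmai.com", 16772)]

def edit_distance(a, b):
    """Edit distance counting an adjacent swap as one edit (OSA variant)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # "gamil" -> "gmail"
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def tally(rows):
    """Merge case variants, then map likely typos to the intended provider."""
    counts = Counter()
    for domain, users in rows:
        # DNS names are case-insensitive: GMAIL.COM and gmail.com are one domain.
        counts[domain.strip().rstrip(".").lower()] += users
    typos = {}
    for domain in counts:
        if domain in PROVIDERS or domain in LEGIT_NEIGHBOURS:
            continue  # without the allowlist, ymail.com would be flagged
        for provider in PROVIDERS:
            if edit_distance(domain, provider) == 1:
                typos[domain] = provider
                break
    return counts, typos

def typo_users(counts, typos, provider):
    """Users whose stored address points at a misspelling of `provider`."""
    return sum(counts[d] for d, p in typos.items() if p == provider)

if __name__ == "__main__":
    counts, typos = tally(ROWS)
    for provider in PROVIDERS[:2]:
        print(provider, counts[provider], typo_users(counts, typos, provider))
```
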
If we would sum up the users with associated countries, we would see that:
We can take a look at email addresses that begin with letters:
# | The letter that an email address begins with | User count |
---|---|---|
1 | a | 4,177,039 |
2 | b | 1,617,909 |
3 | c | 2,440,735 |
4 | d | 2,158,671 |
5 | e | 1,508,873 |
6 | f | 1,022,878 |
7 | g | 1,190,749 |
8 | h | 1,004,437 |
9 | i | 813,638 |
10 | j | 3,034,518 |
11 | k | 1,807,369 |
12 | l | 2,053,627 |
13 | m | 3,716,961 |
14 | n | 1,448,014 |
15 | o | 407,113 |
16 | p | 1,278,578 |
17 | q | 90,056 |
18 | r | 1,898,765 |
19 | s | 3,051,807 |
20 | t | 1,544,602 |
21 | u | 137,093 |
22 | v | 675,295 |
23 | w | 580,737 |
24 | x | 130,296 |
25 | y | 585,655 |
26 | z | 335,051 |
We can see that:
We can also take a look at email addresses that begin with numbers:
The number that an email address begins with | User count |
---|---|
0 | 90,119 |
1 | 612,044 |
2 | 256,276 |
3 | 129,773 |
4 | 181,148 |
5 | 51,321 |
6 | 46,337 |
7 | 49,532 |
8 | 43,364 |
9 | 51,916 |
Here the most prevalent number is 1, the least prevalent number is 8.
The Edmodo data breach, while pretty worrying at first, was not that bad after all: even though more than 77 million people were put at risk, Edmodo had hashed its customers’ passwords with bcrypt, a very strong password hashing algorithm, and had also salted them, making bulk password cracking not worth the time for potential attackers.