Scoolio is a comprehensive School Management Platform that connects Parents, Educators, and Administrators to the data needed to spur student success.
It seems that 400,000 users of Scoolio had their sensitive information exposed due to what appears to be an API flaw in the platform.
Scoolio earns money by collecting and monetizing data created by various tools and functionalities. Scoolio, on the other hand, claims that it does not collect or distribute any information from students without their permission.
Scoolio has teamed up with German schools to use its technology as a remote teaching aid for file transfers and digital homework collection.
As a result of these collaborations and government support, many students use the app as a common tool in their courses.
The vulnerability was discovered by Lilith Wittmann of the IT security collective “Zerforschung,” who promptly informed the Scoolio team of her findings.
In Zerforschung’s report, Wittmann outlines how she exploited Scoolio API weaknesses to get incredibly sensitive data for each user ID used on the app.
As reported by BleepingComputer, the exposed personal data includes:
- User nickname
- User and parent email addresses
- GPS location at which the app was last opened
- Name of school and class