Education nonprofit Edraak ignored a student data leak for two months

Data continued to flow for two months after a cybersecurity firm notified the nonprofit of the security lapse.
By: | April 8, 2021

Edraak, an online education nonprofit, exposed the private information of thousands of students after uploading student data to an unprotected cloud storage server, apparently by mistake.

The nonprofit, founded by Jordan’s Queen Rania and headquartered in the kingdom’s capital, was set up in 2013 to promote education across the Arab region. The organization works with several partners, including the British Council and edX, a consortium set up by Harvard, Stanford and MIT.

In February, researchers at U.K. cybersecurity firm TurgenSec found one of Edraak’s cloud storage servers containing at least tens of thousands of students’ data, including spreadsheets with students’ names, email addresses, gender, birth year, country of nationality, and some class grades.

TurgenSec alerted Edraak to the security lapse. A week later, their email was acknowledged by the organization but the data continued to spill.

Two months passed and the server remained open. At its request, TechCrunch contacted Edraak, which closed the servers a few hours later.

Read more at TechCrunch

More from UB