"School Messaging App Apologizes for 'Inappropriate Image' Sent After Cyberattack"
Seesaw is an app used by 10 million teachers, students, and parents across the US. The company released a statement saying it suffered a credential stuffing attack that allowed a malicious actor to send an explicit message using their service. Credential stuffing is a hacker technique that involves the use of usernames and passwords obtained from data breaches to gain access to accounts on other services. This method is still popular among hackers because users often reuse passwords across multiple accounts on different services. Seesaw stated that it worked with Bit.ly to disable the image-containing link, but urged users to use unique passwords on the platform. As a proactive additional security measure, it intends to scan databases for known compromised passwords and forcibly reset the passwords of users who may have reused passwords. This article continues to discuss the distribution of an inappropriate image through the Seesaw messaging app as a result of a credential stuffing attack and the company's response to this incident.