Fife parents were sent an explicit image through a schools messaging platform after their accounts on the Seesaw app were hacked.
The app widely used by schools around the kingdom and Tayside was targeted in a coordinated attack – known as credential stuffing – where users’ passwords are guessed.
Fife Council confirmed a “very limited” number of adults in the region had been affected by the incident which saw victims sent a link to a picture of a man engaged in a sex act.
San Francisco-based Seesaw said that the app itself was not compromised and there was no evidence to suggest the attacker did anything other log in and send a message from the individual accounts accessed.
Pupils’ class pictures
Seesaw is used by schools to record pupils’ work, often with pictures of children in class or taking part in activities, and to communicate with parents through private group chats.
Compromised accounts were used to send a link to the pornographic image to other users in messages which looked like they came from teachers or other parents.
Seesaw disabled its messaging function on Wednesday after the issue was detected and only reinstated it on Thursday afternoon.
Fife Council’s data protection officer, Fiona Smyth, said: “We’re aware of the incident with the Seesaw app, which is used across our schools.
“Current information is that a very limited number of adult user accounts have been affected, and that no pupil accounts are involved.
“We are satisfied that Seesaw have taken appropriate action and have issued advice to affected parents.
“We’ll continue to monitor the situation over the coming days.”
Reports emerged from the US on Wednesday of parents at schools in several states country being affected.
Were other areas affected locally?
Neither Angus nor Perth and Kinross councils are aware of parents or teachers being affected in their schools.
An Angus Council spokesperson said: “Seesaw made us aware there was an issue and, while we are not aware of any incidents in Angus, we have followed the advice they have given.”
A spokesperson for Perth and Kinross Council said: “We are aware of the information security issue that affected the Seesaw app this week.
“While we have not received any reports associated with this issue from our schools that use the app, we are following the advice provided by Seesaw.”
Dundee City Council has also been approached for information.
What have Seesaw done?
The issue was identified by Seesaw in the early hours of Wednesday – Tuesday night in the UK – and the messaging function of Seesaw was turned off while it investigated.
Seesaw said anyone whose account was compromised would already have been notified.
It issued a message to users stating: “Seesaw was not compromised, however, isolated individual user accounts were compromised and used to send an inappropriate link.
“We have no evidence to suggest [the perpetrator] performed any additional actions or accessed other data in Seesaw beyond logging in and sending a message from these compromised accounts.
“We have taken a series of actions to stop the issue and put additional protections in place to prevent future issues from occurring.”
Seesaw has been approached for further comment.
Conversation