Wyzant—an online marketplace that makes it easy for parents and students to connect with private tutors, in-person and online, in over 250 different subjects—has suffered a data breach exposing “certain personal identification information” for its customers.
The Hacker News received a copy of an email notification Wyzant recently sent to its affected customers, which reveals an unknown attacker was able to gain access to one of its databases on April 27, which the company identified a week after the security incident.
The stolen personal identification information for affected customers includes their first name, last name, email address, zip code, and, for certain customers, their Facebook profile image as well who log-in to the platform using Facebook.
Wyzant also explicitly made it clear that the stolen data did not include any password, payment information, or record of its customers’ activity on the Wyzant platform, and that no other than the above-mentioned data was known to have been accessed.
Though it is still unclear how many customers were actually hit by the security breach, or if both tutors and students are affected, or what security hole the unknown attackers exploited to get into the company’s network, the company did confirm that it has now patched the underlying issue.
With more than 2 million registered users and over 76,000 active tutors in its database, Wyzant is a decade-old popular tutoring service that bring students and instructors together, online and in-person.
In response to the security incident, Wyzant says it is performing an extensive audit of its entire network and application security infrastructure and will notify its customers of any significant development.
images from Hacker News