School software provider Active Network discloses data breach

US-based school management software provider Active Network disclosed a severe security breach last week.

Active Network provides web-based school management software for K-12 schools and districts. Last week it announced that it had suffered a major security breach.

The hackers gained access to Blue Bear, cloud-based school accounting software customized for K-12 schools and districts to help manage and simplify schools’ activity fund accounting.

According to the Active Network data breach notice, parents who accessed the Blue Bear-based web store to pay school fees or buy books and other material between October 1, 2019, and November 13, 2019, might have had their personal data stolen.

Exposed data include name, store username and password, payment card number, payment card expiration date, and payment card security code.

“We recently identified suspicious activity on the Blue Bear platform. Our investigation determined the activity related to Blue Bear webstore users between October 1, 2019 and November 13, 2019. During this time, some personal information that you provided may have been accessed or acquired by unauthorized third parties.” reads the notice of data breach.

“While we are unable to determine with certainty whether your personal information was affected, the personal information involved may have included: name, credit card or debit card number ending in , expiration date and security code (the three or four-digit value included on the front or back of payment cards and used for verification of certain transactions), and Blue Bear account usernames and passwords. This incident did not involve unauthorized access to Social Security numbers, driver license numbers, or similar government ID card numbers.”

The company reported the issue to the California Attorney General’s office and launched an investigation with the help of a leading cybersecurity firm. The Abington Cole and Ellery law firm is currently investigating the incident and is attempting to involve impacted users in a class action.

Based on the information disclosed by Active Network, the attackers were able to compromise the platform and plant a software skimmer designed to collect users’ payment card data while they were finalizing their purchases through Blue Bear software.

In October 2019, the Federal Bureau of Investigation (FBI) released an alert on e-skimming attacks. E-skimming takes place when hackers compromise an e-commerce site and plant malicious code designed to siphon payment card data or personally identifiable information (PII).

E-skimming attacks were initially observed in the wild in 2016, and their number has rapidly increased since then. In recent years, numerous attacks involving software skimmers were carried out by threat actors under the Magecart umbrella.

Attackers have used various techniques over time to carry out e-skimming attacks, such as exploiting flaws in the e-commerce platform (e.g., Magento, OpenCart). In other attacks, hackers have compromised plugins used by e-commerce platforms in a classic supply chain attack or have injected software skimmers inside a company’s cloud hosting account that was poorly protected.

Another attack scenario sees hackers targeting the administrators of the platform with social engineering attacks in an attempt to obtain their credentials and use them to plant the malicious code in the e-store.

Hacker groups under the Magecart umbrella focus on the theft of payment card data with software skimmers. Security firms have monitored the activities of a dozen groups at least since 2010.

According to a joint report published by RiskIQ and FlashPoint, some groups are more advanced than others; in particular, the gang tracked as Group 4 appears to be very sophisticated.

The list of victims of the groups is long and includes several major platforms such as British Airways, Newegg, Ticketmaster, MyPillow and Amerisleep, and Feedify. 

Active Network announced that it has taken steps to enhance its monitoring tools and security controls; the company is also offering users free identity monitoring services.

An Active Network spokesperson could not be immediately reached over the weekend for additional insights and comments.

Pierluigi Paganini

(SecurityAffairs – Active Network, data breach)

The post School software provider Active Network discloses data breach appeared first on Security Affairs.