So far, I have not attempted to validate the claims in a post spotted on a dark web forum, below. I am posting it in the hopes that it will make some teachers – and school administrators – think about when was the last time they did a password reset, and might this be a good time to do one?
So I have 4 accounts for some teachers gradebooks from my local high school, I got these myself and they still use this themselves and don’t know i’m able to login. The question is what should I do with these? I have access to all the students grades and can edit them freely, I as well have access to all of the students personal info (address, parents and students email, DOB, etc). I can also login to their email and read and send emails as well as look in their google drive. I was thinking of putting all the students info in a spreadsheet (thousands of students) and sending an email to school district and making them pay ransom or I release all of these thousands of personal info. I would tip the news off anonymously to make sure this spreads around and gets attention. Let me know if you have any other ideas, or if someone would be interested in buying them for something. Thanks.
And no, I wasn’t tipped to this by the poster, although he mentions trying to use the media if he decides to try to extort the school district.
The post has only been up a few days, and I’ll be interested to see if there’s any follow-up.
Quick update: In an encrypted chat, the individual told me that the data are from a U.S. k-12 district, although the district was not named, nor the state.