What happened
According to public breach records, the Edmodo data breach on May 11, 2017 is reported to have exposed the personal information of 43,423,561 accounts.
In May 2017, the education platform Edmodo was hacked resulting in the exposure of 77 million records comprised of over 43 million unique customer email addresses. The data was consequently published to a popular hacking forum and made freely available. The records in the breach included usernames, email addresses and bcrypt hashes of passwords.
Passwords in this breach were reportedly stored as bcrypt hashes.
In May 2017 the K-12 education platform Edmodo was hacked, exposing roughly 77 million user records (about 43.4 million unique email addresses) along with usernames and bcrypt-hashed passwords; the data surfaced as an 11.7 GB dump and was advertised for sale on the dark web (reportedly on the Hansa marketplace for around $1,000) before being published to a public hacking forum. Edmodo acknowledged the incident on May 17, 2017 and reset affected passwords. It was notable as one of the largest exposures of children's accounts to that point, with an estimated 50 million of the usernames belonging to students.
What data was exposed
The following types of personal data were compromised:
- Email addresses
- Passwords
- Usernames
Breach details
| Detail | Value |
|---|---|
| Breach name | Edmodo |
| Date | May 11, 2017 |
| Accounts affected | 43,423,561 |
| Domain | edmodo.com |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by Edmodo; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Change your Edmodo password and update it anywhere you reused the same password — even though passwords were bcrypt-hashed (hard to crack), reuse is still the main risk.
- Enable two-factor authentication on accounts tied to the exposed email address to block takeover from any cracked or reused credentials.
- Treat the exposed email address as a phishing target — be wary of messages referencing Edmodo, schools, or password resets, and verify senders before clicking.
- If a child's account was involved, have a parent or guardian reset the password and review what name/email information may have been linked to the username.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- Have I Been Pwned: Edmodo Breach
- Deep dive into the Edmodo data breach | 4iQ
- Hacker Steals 77 Million Edmodo User Accounts | EdSurge News
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →