Security News > 2022 > September > School chat app Seesaw abused to send 'inappropriate image' to parents, teachers

School chat app Seesaw abused to send 'inappropriate image' to parents, teachers
2022-09-16 21:45

Parents and teachers received a link to an "Inappropriate image" this week via Seesaw after miscreants hijacked accounts in a credential stuffing attack against the popular school messaging app.

Late Tuesday, attackers used stolen credentials to take over some Seesaw accounts and send a private message to other users with a link to a dirty pic, he said.

We are aware of the unauthorized messages that were sent nationally to parents with children in grades Pre-K through second grade via the SeeSaw app.

"We have no evidence to suggest the attacker performed additional actions or accessed data in Seesaw beyond logging in and sending a message," Graham said.

The app admins removed the message with the "Inappropriate image" link from all accounts, and coordinated with Bit.ly and AWS - presumably because Bit.ly was used to shorten the image URL in the message and Amazon had some role in hosting the picture - to make sure the material was no longer accessible.

Seesaw recommends refreshing web browsers, re-launching Seesaw on mobile devices, and updating to the latest version 8.1.2.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/09/16/seesaw_inappropriate_image/