US school app accounts hacked to send explicit image

  • Published
A stock image of a woman looking at a mobile phoneImage source, Getty Images

Parents in the US have reported receiving a notorious explicit image after hackers targeted a school app with 10 million users including teachers, students and family members.

There were many reports from schools and teachers of the image being sent from hacked accounts on the Seesaw app.

Seesaw said that a link to an "inappropriate image" was shared and it had taken action to stop the issue.

The graphic image is a highly explicit internet meme intended to shock.

Somebody who works with teachers and pupils told Seesaw via Twitter: "You have a hack in messages that's allowing an inappropriate picture to be shared with families and teachers across multiple districts. Please take action!"

This Twitter post cannot be displayed in your browser. Please enable Javascript or try a different browser.View original content on Twitter
The BBC is not responsible for the content of external sites.
Skip twitter post by Seesaw

Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter’s cookie policy, external and privacy policy, external before accepting. To view this content choose ‘accept and continue’.

The BBC is not responsible for the content of external sites.
End of twitter post by Seesaw

In its statement, Seesaw denied that hackers had gained administrative access but had instead hacked "isolated" individual accounts.

It shared more detail about the attack and what it did in response on a status page.

"Widely available compromised emails/passwords that were reused across services were used to gain unauthorised access to Seesaw accounts," it said., external

Some parents told US media of their horror when the image appeared in group chats.

The head of one school in Milwaukee warned parents not to blame those who appeared to have sent the message.

"While specific parent names were attached to these messages," the school's statement said, "we know that these parents were not involved."

Image source, Seesaw
Image caption,

A screenshot of the Seesaw login page

Seesaw said in response to the incident it had:

  • completely disabled the messaging feature to stop additional users seeing the inappropriate message

  • removed the inappropriate message from accounts to which it was sent

  • reset the passwords of all compromised accounts and notified users

Many schools sent out warnings about clicking on links obscured by bit.ly - a link shortening service.

Seesaw said it had worked with bit.ly to disable the links.