US school app accounts hacked to send explicit image

Image source, Getty Images

Parents in the US have reported receiving a notorious explicit image after hackers targeted a school app with 10 million users including teachers, students and family members.

There were many reports from schools and teachers of the image being sent from hacked accounts on the Seesaw app.

Seesaw said that a link to an "inappropriate image" was shared and it had taken action to stop the issue.

The graphic image is a highly explicit internet meme intended to shock.

Somebody who works with teachers and pupils told Seesaw via Twitter: "You have a hack in messages that's allowing an inappropriate picture to be shared with families and teachers across multiple districts. Please take action!"

Skip Twitter content
Allow Twitter content?

This article contains content provided by Twitter. We ask for your permission before anything is loaded, as they may be using cookies and other technologies. You may want to read Twitter and before accepting. To view this content choose 'accept and continue'.

Warning: Third party content may contain adverts

End of Twitter content

In its statement, Seesaw denied that hackers had gained administrative access but had instead hacked "isolated" individual accounts.

It shared more detail about the attack and what it did in response on a status page.

"Widely available compromised emails/passwords that were reused across services were used to gain unauthorised access to Seesaw accounts,"

Some parents told US media of their horror when the image appeared in group chats.

The head of one school in Milwaukee warned parents not to blame those who appeared to have sent the message.

"While specific parent names were attached to these messages," the school's statement said, "we know that these parents were not involved."

Image source, Seesaw

Image caption, A screenshot of the Seesaw login page

Seesaw said in response to the incident it had:

  • completely disabled the messaging feature to stop additional users seeing the inappropriate message
  • removed the inappropriate message from accounts to which it was sent
  • reset the passwords of all compromised accounts and notified users

Many schools sent out warnings about clicking on links obscured by bit.ly - a link shortening service.

Seesaw said it had worked with bit.ly to disable the links.