Wyzant hack: intruder gains access to customers' personal data

Wyzant customer database is hacked by an anonymous intruder

Online tutoring service Wyzant got affected by a hacker that accessed personal information of customers.

Wyzant online market place for students and tutors suffered a data breach at the end of April 2019, as the official Notice of Data Breach reports.^[1] The company informed users about this security incident because they believe that an intruder managed to access customers' personal information. Wyzant claims that they have already fixed the issue, but the consequences are still unknown as the breach was discovered on May second, almost a week after the initial incident.

The company called this incident anomaly and claimed to have investigated it further. An attacker who managed to infiltrate a system is still unknown, but the access to the important users' info database was gained. Personally identifiable information that was stored on the network includes full names, email addresses, zip code, and Facebook profile information of users who have been logging into the platform using these social media logins.^[2]

No information on how many users had been affected

A tutoring company is known for a decade now and has more than two million registered users in total. Almost 80 000 from those customers are instructors. However, there is no information if students and tutors both been involved in this data breach.ref en-3] Although, an audit and further investigations should take place.

Wyzant has already stated that they patched the problem and ensured that no passwords, activity records or financial information have been involved in the incident:

Wyzant has implemented additional security measures designed to prevent a recurrence of such an attack and to protect the privacy of our valued customers.

This includes reviewing our security processes and protocols. We are also working closely with law enforcement to ensure the incident is properly addressed.

After further investigation of the entire network of the company, Wyzant should notify customers about any discovered information and specific details. Right now, the company claims to respect the privacy of customers and warns to beware of any potential phishing attacks or any use of personal information.^[3]

The official email has reached all affected users:

Wyzant values your business and respects the privacy of your information. We are writing as a precautionary measure to tell you of a data security incident that involves your personal information.

The further danger after such data breach and how to avoid that

When such information like email addresses get stolen, hackers attempt to trick users into providing additional details to get profit from victims. Many phishing campaigns, social engineering attacks employ such information to steal financial information, credit card details or even passwords. Later on, malicious actors can take money directly from compromised accounts.^[4]

If you are concerned about your privacy or fear of identity theft, you can:

• notify your bank about possible issues with suspicious transactions;
• change passwords of your accounts, emails;
• pay more attention to incoming email notifications;
• avoid clicking on any questionable links or files appearing on the screen;
• notify your Facebook friends about the possibility of getting malicious messages from your account.