In the News
Accounts exposed at another major company. In Critical Flaws in Khan Academy Opened Door to Account Takeovers, Lindsey O’Donnell at ThreatPost discusses how two major security flaws in the Khan Academy server made accounts vulnerable to exploitation. O’Donnell explains that by logging into a Khan Academy account using a social media log-in method and not creating an additional, secure password, accounts could have been accessed if the user entered a web page embedded with any malicious code. O’Donnell states that Khan Academy has patched the flaws.
Our Take
Khan Academy has been a lifesaver for high school and college students alike. The service provides valuable lessons and information for a variety of topics and subjects. Having an account with Khan Academy can provide you with full access to their services, but just like with any other online account, the set-up requires you to input a bunch of personal information. If your account is exposed and taken over by a malicious attacker, all of the information stored within the account falls into the wrong hands. While your Khan Academy account may not have the most sensitive information stored on it, you always want to make sure that your accounts are secured to the best of your ability. While you can’t control is a system flaw is in place, you can protect your accounts with strong and unique passwords and by limiting the about of information you store in your online accounts.
Recommendations
How can you protect your privacy your online accounts?
- Understand the risks of putting your personal information into the world, and only share what you have to
- Use safe password practices when creating online accounts, and take advantage of Multi-factor Authentication where possible
- Utilize additional security/privacy measures and settings on apps, accounts, and platforms whenever possible
- Stay up to date on the news regarding recent data breaches and exposures to see if you may have been affected