Seesaw accounts hacked to send explicit images to other users

Parents in the US have reported receiving explicit images after hackers targeted a school app with 10 million users including teachers, students and family members.

Seesaw said that it was brought to their attention that a link to an inappropriate image was being shared via the Messages feature. It appears that specific accounts were compromised by an outside actor. Seesaw was not compromised; however, isolated individual user accounts were compromised and used to send an inappropriate message.

So far they said they have no evidence to suggest this attacker performed additional actions or accessed data in Seesaw beyond logging in and sending a message from these compromised accounts.

Seesaw said it was subjected to a coordinated “credential stuffing” attack.

They have removed the inappropriate image link from all messages and taken many other actions to ensure it is inaccessible. However, in a few instances, if the message was already loaded in a web browser or one of their apps, the message may have been cached on your device. To ensure that no one has access to the inappropriate message, they recommend everyone *refresh their web browsers and refresh their mobile apps*.

On mobile, you can update your device to the latest app version (version 8.1.2, released today) and re-launch Seesaw OR close and re-open the Seesaw app.

Here are instructions to close apps on mobile devices:
– iOS: https://support.apple.com/en-us/HT201330
– Android: https://support.google.com/android/answer/9079646?hl=en#zippy=%2Cclose-apps

Further information at https://status.seesaw.me