Update - 9/14 Incident Report
Summary of the issue:
What Happened?
We have no evidence to suggest that the attacker performed additional actions in compromised Seesaw user accounts beyond logging in and sending a message.
How Seesaw Immediately Responded
Ensuring the safety and privacy of our teachers, students, and families was our top priority.
Within the first few hours of learning about the attack, we took action. Seesaw’s swift response to this attack included the following steps:
In addition to the above, we have taken a number of mitigation steps to prevent a similar attack in the future through refinements to Seesaw’s rate limiting, alerting, blocking, content detection, and login systems.
We'll be reviewing other steps we can take in the coming days to help users secure their accounts further.
Here’s What This Means for Your Users
Is Seesaw safe to use?
Seesaw is safe to use. The safety and privacy of our teachers, students, and families is our number one priority and we take it extremely seriously. Seesaw was not compromised, and the incident has been resolved.
Is Seesaw Messages secure and safe to use?
Yes. This incident occurred as a result of unauthorized access to Seesaw accounts. Seesaw, including the messaging feature, was not compromised.
How do I know if my account was compromised?
If your account was compromised, the Seesaw team sent you an email. We proactively reset the passwords of all accounts we know to have been compromised. We have also adjusted our detection and blocking rules to ensure similar attacks are prevented in the future.
Why was messaging turned off?
As soon as we identified this attack was taking place, our first priority was to secure the safety of teachers, students, and families. While we resolved the issue, we disabled the messaging feature to prevent the message from being distributed widely. Before turning messaging back on, we took action to block the attacker’s access and made sure the image was removed and no longer accessible.
How do I ensure that the image has been removed?
We have removed the inappropriate image link from all messages and taken many other actions to ensure it is inaccessible (details can be found here: http://status.seesaw.me). In a few instances, if the message was already loaded in a web browser or one of our apps, it may have been cached on devices. To completely remove the image, users can follow these steps:
- We recommend all users refresh their web browsers and restart their mobile app.
- On mobile, we recommend all users update devices to the latest version (version 8.1.2) or re-launch Seesaw by completely closing out and re-opening the Seesaw app. (Here are instructions to close apps for iOS and Android devices).
- iOS: https://support.apple.com/en-us/HT201330
- Android: https://support.google.com/android/answer/9079646?hl=en#zippy=%2Cclose-apps
How can I take extra precaution and reset my password?
Any user can always reset their password at https://app.seesaw.me/#/reset_password.
Where can I get more information or support?
If you have any questions or concerns, please reach out to us here: https://help.seesaw.me/hc/en-us/requests/new. Thank you for your patience while our team worked round the clock to get these additional security measures in place.
Sep 15, 2022 - 13:39 PDT
Update - Messages is ON for all customers. We are continuing to monitor.
Sep 15, 2022 - 07:17 PDT
Monitoring - We are turning Messages back ON for all customers starting at 7 am PT and continuing to monitor.
Sep 15, 2022 - 06:44 PDT
Update - We have removed the inappropriate image link from all messages and taken many other actions to ensure it is inaccessible. However, in a few instances, if the message was already loaded in a web browser or one of our apps, the message may have been cached on your device. To ensure that no one has access to the inappropriate message, we recommend everyone refresh their web browsers and refresh their mobile apps. On mobile, you can update your device to the latest app version (version 8.1.2, released today) and re-launch Seesaw OR close and re-open the Seesaw app.
Here are instructions to close apps on mobile devices:
We are also emailing all affected users with these instructions. We plan to re-enable Messages tomorrow after overnight monitoring.
Sep 14, 2022 - 18:37 PDT
Update - What Happened
What Data May Have Been Accessed
What We Have Done
What You Should Do
If you are an administrator, you can let your parents and teachers know:
Next Steps
We will re-enable messaging when we’ve confirmed that the inappropriate message is no longer accessible from our servers.
We are actively monitoring the situation and will be putting additional mitigation measures in place to prevent this and future attacks of this type.
We will be scanning databases of known compromised passwords and resetting the passwords of users who may have re-used passwords as a proactive additional security measure (and preventing use of these passwords in the future).
Please always use a unique password for accessing Seesaw and any other online account or service. Never reuse an old password or use the same password. Consider using a password manager for added security.
We will continue providing updates here.
Sep 14, 2022 - 15:01 PDT
Identified - We believe there may be some caching cases where the previously sent inappropriate images may still be accessible to some customers. At this time we do not believe there are any new messages with the inappropriate image being sent. We have turned the Messaging feature off while we investigate the issue further. We are continuing to monitor and investigate the situation and will post a more detailed update shortly.
Sep 14, 2022 - 13:40 PDT
Monitoring - We have reset passwords for affected individuals and confirmed that links are no longer accessible. At this point, we have re-enabled the Messages feature. We are continuing to monitor and investigate the situation and will post a more detailed update shortly.
Sep 14, 2022 - 10:42 PDT
Update - As of 9:15am PT: Users who received the link via an email notification will no longer be able to access the link.
As of 10:15am PT: We have reset passwords for and sent password reset emails to all affected accounts.
Sep 14, 2022 - 10:24 PDT
Update - It was brought to our attention that a link to an inappropriate image was being shared via the Messages feature. It appears that specific accounts were compromised by an outside actor.
We take this incident extremely seriously. We’ve turned OFF Messages temporarily for all users while we investigate, to prevent this image from being sent to or seen by any more Seesaw users.
If you have any questions or concerns, please reach out to us at https://help.seesaw.me/hc/en-us/requests/new.
We will continue to provide updates on https://status.seesaw.me/ as we investigate and manage the situation.