More than 800 school districts across the United States got a big surprise this week when someone hacked the web hosting service they used called SchoolDesk.
The Bloomfield, New Jersey school district was one of those faced with this unusual situation.
"For about two hours, our websites displayed an ISIS-sponsored YouTube video. Around 6 AM, the hacked page was brought down and by about 7 AM full functionality and control were restored. Everything that happened occurred at the web host's companies server farms in Atlanta, Georgia, and Florida."
SchoolDesk statement on hacking incident
SchoolDesk says its InfoSec team knows what happened:"Our technical team discovered that a small file had been injected into the root of one of the SchoolDesk websites, redirecting approximately 800 websites to an iFramed YouTube page."
The company says it is possible there was an SQL injection or perhaps bad actors gained access by exploiting a weak password. It also says it is requiring all users, including the company's own staff, to reset their passwords.
It looks like SchoolDesk learned a lesson itself, this time, saying it is adding redundancies to prevent this from happening again in the future.