Australian research firm Securus found security flaws in Blackboard, the online classroom system used by GW and many other institutions, according to a report.
The software has “holes that allow students to change grades and download unpublished exams, whilst allowing criminals to steal personal information,” SC Magazine alleged in September, although University administrators insisted no breaches resulted from the reported flaws.
“Vulnerabilities in the Blackboard Learn platform have the potential to affect millions of school and university students and thousands of institutions around the world,” according to the SC Magazine article.
Blackboard recognized that several of the reported security holes existed and alerted its customers on Sept. 21, but denied that any hackers accessed priviledged information or log-ins. Blackboard scheduled two webinars last week to update clients on its security practices.
The “exaggerated” security concerns did not result in any known breaches in GW’s Blackboard system, nor do they pose a future threat to students, a University official said.
“Based on our review of the documentation from Blackboard, we have determined that many of the identified issues are not applicable to our system,” Yordanos Baharu, director of the University’s Instructional Technology Lab, said. “GW has not and is not currently at risk by the potential flaw.”
The University installs software patches and updates as they become available to address security concerns when they arise, Baharu said.
While the software company acknowledged the allegations, it emphasized that no students are known to have hacked the system.
When asked about the security concerns, Anne Duke, a Blackboard media representative, deferred to a blog post on the Blackboard website.
“Although these issues are important, and we’re committed to fixing them quickly, most of them could only have a limited impact at the class level [and] do not seriously threaten the overall institution or system data,” according to that post. “Most importantly – there have been no client reports of exploitation of any of these vulnerabilities.”
October is National Cyber Security month.