A hacker sent explicit images to parents and teachers over a popular school messaging app, the company said Wednesday.
Parents and teachers received the explicit photo in private chats on Seesaw, a student engagement platform, districts in Illinois, New York, Oklahoma, and Texas said Wednesday.
The explicit photo was sent through a “bit.ly” link. Bit.ly is a popular link-shortening service that hides the real web address, so in this case parents would not be able to see where the link was taking them. In some cases though, the explicit image was automatically displayed to unsuspecting parents.
The inappropriate image was reportedly a well-known meme photo of a man performing an explicit act.
Seesaw said Wednesday that “specific user accounts were compromised by an outside actor,” according to a statement that vice president of marketing, Sunniya Saleem, shared with NBC News.
“We are taking this extremely seriously,” she said. “Our team continues to monitor the situation to ensure we prevent further spread of these images from being sent or seen by any Seesaw users.”
Seesaw’s platform allows students to share links, as well as media, such as photos, videos, drawings, text, and PDFs. The platform also allows students to share their work with families.
“Nothing is shared without teacher approval,” the platform says.
About 10 million teachers, students, and family members use the Seesaw app, according to the company’s website, but it is unclear how many of Seesaw’s users were affected by the hack.
One school district in the Dayton, Ohio, area sent out a warning to parents Wednesday morning to stop using Seesaw, saying the problem was caused by a virus.
“We are currently working with Seesaw and our technology team to eliminate this virus from our system and ensure our students are not exposed to inappropriate material,” Huber Heights City Schools officials said in a letter to families.
The district also said it has removed the Seesaw login option from all student devices until further notice and told school staff not use Seesaw until the problem is fixed.
A New York school, Castleton Elementary School just south of Albany, said it had been affected by the hack and asked parents to email teachers rather than use Seesaw to message them. Another nearby school district, the Troy City School District just north of Albany, sent out a similar warning, telling parents not to click on any Seesaw links.
Keeneyville Elementary School District 20 in the Chicago area warned parents in a pop-up on its website not to open any “bit.ly” links sent through Seesaw.
“It may appear as a message was sent to you from another school family, but please delete the message immediately, without opening as inappropriate content was sent,” the district’s warning read.
The district updated its message later Wednesday afternoon, saying the problem has been resolved.
“Seesaw has resolved the incident from this morning and has re-opened messaging,” the new message on the Illinois district’s website read. “Any affected accounts should have received an email from Seesaw to reset your passwords.”