Important Notice About Your Edmodo Account

Edmodo recently learned about a security incident potentially affecting the accounts of Edmodo users. Safeguarding the trust and security of our users is of the utmost importance to Edmodo. Upon learning of the incident, we promptly retained leading information security experts to investigate the incident and we reported it to law enforcement.

We have no indication at this time that any user passwords have been compromised, but we strongly recommend that users reset their passwords as soon as possible. Please see the “How do I change passwords” links below for details on how to reset your password.

For additional information, please see the appropriate sections below:

Why am I being told to create a new password on Edmodo?

How do I change passwords? (Teachers)

How do I change my password? (Students)

How do I change passwords? (Parents)

I access my Edmodo account with credentials from Google, Office 365, Clever, my School/District, or another third party. Do I still need to reset my password?

Does this mean my account was compromised? Is my data safe?

What is Edmodo doing to address the situation so that this doesn't happen again?

What additional security measures can I take?

Who can I contact if I have additional questions or concerns?

 

 

Why am I being told to create a new password on Edmodo?

Our investigation has confirmed that user names, email addresses, and hashed passwords were acquired by an unauthorized third party. All passwords were "hashed" using the strong and robust bcrypt password hashing algorithm, which is like a strong form of encryption. All passwords were also “salted,” which means that a string of random characters was applied to the passwords by Edmodo to further increase their security.

We have no indication at this time that any user passwords have been compromised, but we strongly recommend that all users promptly reset their passwords.

 

 

How do I change passwords? (Teachers)

If you visit Edmodo and see a notice to create a new password, simply follow the steps on the page.

Alternatively, on your Account Settings page, you can reset your password by using the “Password” tab located on the left side of that page.

If neither of those options works for you, you can follow the steps below to reset your password:

  1. Visit the password reset page on Edmodo.
  2. Enter your email address.
  3. Click the link in the email you receive and follow the instructions.

Note: If you initiate a password update, but don't receive the follow-up email, please check the spam folder of your inbox. If the email isn't there, add notifications@edmodo.com to your address book, and then update your password again.

If your Students rely on you to manage their passwords, or you want to help them right now, here’s how to change their passwords.

Students are also able to reset their own password within their Account Settings page or from a Parent account associated with the Student account.

 

 

How do I change my password? (Students)

If you visit Edmodo and see a notice to create a new password, simply follow the steps on the page.

Alternatively, on your Account Settings page, you can reset your password by using the “Password” tab located on the left side of that page.

If neither of those options works for you, you can follow the steps below:

  1. Visit the password reset page on Edmodo.
  2. Enter your email address or username.

Note: If there is not an email associated with your Student account, the password recovery flow will prompt an email to your Teacher or Parent. Your Teacher or your Parent can then reset your password.

 

 

How do I change passwords? (Parent)

If you visit Edmodo and see a notice to create a new password, simply follow the steps on the page.

Alternatively, on your Account Settings page, you can reset your password by using the “Password” button located on the right side of that page.

If neither of those options works for you, you can follow the steps below:

  1. Visit the password reset page on Edmodo.
  2. Enter your email address.
  3. Click the link in the email you receive.

Note: If you initiate a password update, but don't receive the follow-up email, please check the spam folder of your inbox. If the email isn't there, add notifications@edmodo.com to your address book, and then update your password again.

As a Parent, you can also reset your Student's password by using the “Password” tab on the left side of your Account Settings page.

 

 

I access my Edmodo account through credentials from Google, Office 365, my School/District, or another third-party. Do I still need to reset my password?

If you don’t have an Edmodo password, you will not see the Password Reset prompt. If you're prompted to change your password within Edmodo, that means there is an Edmodo password associated with your account. We recommend changing your password as a preventative measure. If you used your prior Edmodo password for any other online services, you should promptly change those passwords too.

Keep in mind that this action will NOT change your password in your other identity provider (i.e., Google, Office 365, etc).

 

 

Does this mean my account was compromised? Is my data safe?

We have no indication at this time that any hashed passwords have been compromised. Edmodo passwords are “hashed” (or encrypted) using the strong and robust bcrypt algorithm, and they are also “salted,” which adds an additional layer of security. Nevertheless, as a precaution, we strongly recommend that users reset their passwords.

 

 

What is Edmodo doing to address the situation so that this doesn't happen again?

Edmodo is working with leading information security experts to investigate this matter and further enhance the security of the Edmodo platform. We reported this incident to law enforcement and will cooperate in any investigation. We have no indication at this time that any user passwords have been compromised, but we are notifying Edmodo users so that our community can take precautionary measures, including resetting passwords for Edmodo and any other online service for which the same password was used.

Edmodo regularly reviews and enhances its systems and processes, and we will continue to take appropriate security steps to minimize the risk of such incidents in the future.

 

 

 

What additional security measures can I take?

We recommend that you do the following for all sites you visit:

  • Avoid reusing the same passwords across multiple services
  • Create strong, unique passwords
  • Only sign in to your account from secure devices, and sign out if accessing on a non-personal device

If you used your Edmodo password for any other online sites, you should promptly change those passwords too. As a general precaution, you should also be on guard against phishing scams, which are designed to trick individuals into providing personal information in response to phony emails. As a rule, companies do not ask for personal information like credit card numbers, bank account information, or passwords via email. If you receive an email that you suspect to be a phishing email, promptly delete it.

For additional resources on how we are keeping your accounts secure, and what you can do to protect your account, please visit our Privacy Page.

 

 

Who can I contact if I have additional questions or concerns?

If you have any additional questions or concerns about the incident, please contact us.