Seesaw Messages issue (update)

seesaw issue

Thursday, Sept. 15 Update:

Dear District 58 Families and Staff,

We wanted to provide a second update regarding yesterday’s system-wide Seesaw Messages incident, with information that Seesaw provided us late last night. Both District 58 and Seesaw are continuing to take this incident very seriously.

What happened

Seesaw informed us that many of its family accounts, including several District 58 accounts, were compromised by an outside entity. The outside entity compromised the accounts through “credential stuffing.” Generally speaking, “credential stuffing” occurs when a malicious entity finds potential email/password pairs that were leaked in a data breach, and attempts those same email/password pairs to gain access to a different system’s accounts. In this case, the entity likely used email/password pairs gained through an unrelated data breach to attempt access into Seesaw users’ accounts.

While logged into the compromised Seesaw family accounts, including several District 58 accounts, the entity sent inappropriate images to other Seesaw accounts. The inappropriate images were not shared by actual District 58 families. 

What actions were taken

The Seesaw team has taken several immediate actions to contain and address this issue. Messages was turned OFF for all users while the issue was investigated. It was enabled again this morning. To learn more about the details of what action was taken, please visit status.seesaw.me

Important information for you

  • If your account was compromised, your password was reset and you have already received an email notifying you of this.
  • It is essential that you always use best practices to ensure your password is secure.
  • Seesaw takes protecting your security and privacy seriously and there are a number of measures in place to protect the integrity of your information. You can learn more here
  • We recommend that you refresh your web browser and if using Seesaw on a mobile device, you can update your device to the latest app version (version 8.1.2, released today) and re-launch Seesaw or close and re-open the Seesaw app (Here are instructions to close iOS and Android devices).

The safety and privacy of our students, staff and families is our number one priority and we are all taking this incident extremely seriously. If you have any questions or concerns for the Seesaw team, please reach out here. 

Sincerely,

James Eichmiller, Ed.D.

Assistant Superintendent for Technology & Learning


Wednesday, Sept. 14 Afternoon Update:

Dear District 58 Families,

We wanted to provide an update on this morning’s email regarding a system-wide issue with Seesaw Messages. Seesaw informed us that many of its family accounts, including several District 58 accounts, were compromised by an outside entity. While logged into the compromised District 58 family accounts, the entity sent inappropriate images to other District 58 accounts. The inappropriate images were not shared by actual District 58 families. 

Please note, this is not an issue unique to District 58, as many other school districts nationwide that use Seesaw also reported the same issue.

Seesaw investigated the issue and they reported that they completed the following actions:

  • Temporarily disabled the Messages feature while investigating (they have since re-enabled it)
  • Removed the inappropriate links from any messages that reference it
  • Reset the passwords of affected users
  • Took measures to prevent additional accounts from being compromised

Seesaw continues to monitor and investigate the situation. Any user may reset their password at https://app.seesaw.me/#/reset_password

We wanted to note that this issue was not a breach of District 58’s security systems, but instead an issue with Seesaw. Nevertheless, security issues are very concerning, and we will continue to seek information from Seesaw regarding the impact this issue had on our District 58 Seesaw accounts, and what actions they are taking to prevent this from taking place again in the future.

We sincerely appreciate your understanding, and we will let you know if we have any updates to report.

Sincerely,

James Eichmiler, Ed.D.
Assistant Superintendent for Technology & Learning


Wednesday, Sept. 14 Morning Message:

Dear District 58 Families, 

District 58 became aware this morning that Seesaw is experiencing a system-wide issue where inappropriate messages are being sent to some families and staff, using Seesaw Messages. This issue is affecting the entire Seesaw network, not just District 58. Although the inappropriate messages that some District 58 families/staff have received appear to originate from other District 58 family accounts, we have no evidence that any District 58 families are actually sending these messages. Seesaw is investigating this issue and has temporarily turned off its messaging tool. 

We realize that many families may have questions regarding this issue. We are working with Seesaw to better understand what is happening, as well as next steps to protect our student, family and staff’s privacy. Due to the urgency of this issue, we wanted to inform you as soon as possible; however at this time, we have very limited information from Seesaw. We will send you an update when we have more information.

Sincerely,

James Eichmiller, Ed.D
Assistant Superintendent for Technology & Learning