1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Hi Guest, welcome to the TES Community!

    Connect with like-minded education professionals and have your say on the issues that matter to you.

    Don't forget to look at the how to guide.

    Dismiss Notice

Important information about your account on tes.com

Discussion in 'Welcome lounge and forum help' started by cliftonc, May 24, 2018.

  1. cliftonc

    cliftonc Guest

    Morning all,

    I wanted to let you all know that we have spent the last week investigating, and then combatting, a sophisticated attempt to gain access to users accounts on tes.com. The attacker used a technique called ‘credential stuffing’, which essentially means getting hold of a database of leaked email / password combinations from other websites (such as the Edmodo hack last year) and using those in an attempt to access accounts on tes.com where the user may be re-using a password from one of those leaks.

    The attacker was specifically looking for accounts with stored card details or paid resources as they were attempting to conduct fraudulent purchases in our resources marketplace. We observed the attacker access author accounts that were then used to attempt to fraudulently purchase resources from via compromised buyer accounts. This was done by modifying the bank account details on the compromised author account, and then attempting a withdrawal.

    We have a set of fraud checks that identified this behaviour and ensured that no money was actually paid out, but has resulted in a delay in payment to authors as we investigated the issue. Apologies for the lack of specific communication if you are an author that was affected, we needed to methodically complete the investigation before speaking of it publicly. We have now released payment to all authors whose accounts were not accessed, and will be individually contacting those remaining today to have them carry out a set of checks before we clear the funds on their withdrawals, which we will then process immediately.

    To be clear, this is not a breach of the security on tes.com in any way, and there has been no broader access to our environments or data. We have however informed the ICO, and will work with them to ensure that the investigation and actions we have taken are appropriate given the events. We are also working with an external forensics specialist, and as we complete the investigation we will also be informing the relevant authorities.

    As the access was via a leaked password database, we very strongly recommend that if you re-use a common password across sites, that you immediately change your passwords across all key services, most importantly your email service, and use a password manager such as 1password: https://1password.com/ or https://www.remembear.com/ (we are in no way affiliated with these but use them internally at Tes). You can also check the status of your email address via services such as https://hacked-emails.com/ or https://haveibeenpwned.com/.

    For those users on tes.com whose credentials we have found in public leaked databases, and we know match the credentials used to login to tes.com, we will be taking an extra step and forcing a password reset on next login. You will not be able to reuse your existing password. This is being carried out later today, so you may receive an email informing you about this.

    In addition to forcing a password reset for vulnerable accounts, we have also made an immediate set of improvements to tes.com to ensure that as a user you are notified as soon as we see a password change, email address change and soon add an email when we detect a login in a new location or from a new device. We will also be adding additional layers of authentication (such as a mobile phone) for users who want to take additional steps to secure their accounts.

    I’d like to thank you for your patience, but we had to complete the investigation and ensure there had been no breach before moving forward publicly, and we have worked around the clock to get to the bottom of this.

    If you have any questions I am more than happy to answer them here, or please contact us via help@tes.com.

    Clifton Cunningham
    Chief Technology Officer @ tes
  2. A1EnglishResources

    A1EnglishResources New commenter

    Thanks for the info Clifton - have sent an urgent email seeking reassurance to help@tes.com. Could somebody please respond as soon as possible?
  3. cliftonc

    cliftonc Guest

    I should have been clearer above, no author will lose money as a result of this, no withdrawals were processed and we will ensure that all monies withdrawn but held are paid as soon as possible - expect an email later today from the author team with specific actions we want you to take.
    A1EnglishResources likes this.
  4. A1EnglishResources

    A1EnglishResources New commenter

    Thank you very much - that's a huge relief!!
  5. StartEducation

    StartEducation New commenter

    Thanks for the information.
    Mrsmumbles likes this.
  6. sapphire14

    sapphire14 New commenter

    Hi I have just received a very threatening email quoting my username and password for this site which are unique to your forum, so I think you have had a major data breach. Please confirm what action you are taking.
  7. cliftonc

    cliftonc Guest

    @sapphire14 someone from our customer services team will be in touch to get more information so we can look into this fully. We have not had a data breach, and all passwords to tes.com are hashed and stored securely in our database - so even if they have been accessed in some way it is incredibly difficult to reverse it to your actual password.
  8. Vince_Ulam

    Vince_Ulam Star commenter

Share This Page