Over 100,000 files, including student information from the British Council, were discovered exposed on the internet. A cybersecurity firm uncovered an unprotected Microsoft Azure blob container that exposed student names, IDs, usernames, email addresses, and other sensitive information. The British Council is well recognized for providing the IELTS standardized language exam, which promotes the study of British culture and the English language across the world.
The British Council, a global organization dedicated to promoting British culture, the English language, and educational opportunities, was recently found to have exposed more than 144,000 files containing student details. Clario, a cybersecurity firm, and security researcher Bob Diachenko found the breach in December 2021 and promptly informed the British Council of their findings.
The British Council, which has offices in over 100 countries, has been nicknamed the UK foreign policy’s ‘soft power’ arm. Although the UK government partially supports the non-profit through a grant, most of its revenue comes from teaching, tests, partnerships, and tendered contracts.
In addition to TOEFL, the organization conducts the International English Language Testing System (IELTS), the world’s most well-recognized standardized English language examination. According to researchers, a public search engine indexed an unsecured Azure blob container that held hundreds of Excel spreadsheets and XML/JSON files readable by anyone.
These files stored the personal information of thousands of British Council English course learners and students worldwide. The following information was made public:
- Full name
- Email address
- Student status
- Student ID
- Enrollment dates
- Duration of study
- Notes
The researchers state that it is unknown how long this data was available online to the public without authentication.