Adam Labay on Nostr: nprofile1q…7gqp6 Every PowerSchool SIS instance has a "maintenance" account, which ...
nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq8c7wjmr8txk9u3xzrxl5rsx8mpt4dr84nyluufn4qg4x9xnar52qr7gqp6 (nprofile…gqp6) Every PowerSchool SIS instance has a "maintenance" account, which provides god-level access to the system. It's not username/password protected, but rather relies on a token passed from the PowerSource platform. The attacker got a low-level support engineer's PowerSource credentials, and used them to pull maintenance tokens for basically the entire kingdom. From there, ran a script to pull a pair of tables containing student and teacher PII.