According to the researchers who discovered the exposure, the issue affected K12.com's A+nyWhere Learning System (A+LS), which is utilized by more than 1,100 school districts in the US. The database was misconfigured, resulting in it being publicly accessible and discoverable on BinaryEdge and Shodan, two search engines that specialize in indexing public-facing databases. The exposure, which was discovered on June 25th, first occurred on June 23rd and wasn't fixed until July 1st.

It's become shockingly common for misconfigured databases to expose huge swaths of personal information collected and held by companies. Just in the last few months, public-facing databases have exposed contact information for Instagram influencers, the medical records of rehab patients, subscribers to AMC Networks premium services. In one instance, a database containing sensitive information on more than 80 million households in the US was discovered. In these cases, it's difficult to determine if anyone malicious accessed the information.