SACRAMENTO (CBS13) — From Roseville and Yuba City to schools across the country, students and parents are reporting that their virtual classrooms are being hacked. Classes are interrupted, often with racial slurs or adult videos, leaving many wondering how it’s happening and how to stop it.
Some schools use Google Classroom, some use Google Meet or Zoom, and some use a combination of the apps for distance learning. While there is no one way hackers are getting in, there are steps schools can take to keep them out.
“I received a text from my husband who was working with my son, saying the class was just hacked,” said Teresa, a Roseville mom.
First, Teresa said, a racial slur was written on the screen, then an adult video began to play in her son’s classroom zoom last Wednesday.
“[The] teacher ended up shutting down the whole class at that point. And then we immediately received the email from the principal,” she said.
While the hacking was disturbing, she says the Roseville Unified School District did everything right and immediately communicated with parents. She heard from both the principal and the teacher, who reached out offering her contact information if parents or students wanted to talk.
The school district did not respond to CBS13’s request to discuss the hack, though parents say there was another minor incident this week. Teresa says, last week, the school told parents the hack came from outside of the county and IT was working to ensure it didn’t happen again.
In many cases, schools across the region and the country, have identified students purposely sharing their Zoom IDs or Google codes to help hackers to interrupt class as a prank. YouTube influencer @Benoftheweek posted this video where he hacked classes after his followers gave him their codes.
In some cases, the teachers were flustered and simply ended the Zoom. In other cases, the teachers had the frame of mind and enough knowledge of the platform to simply remove the hacker from the meeting and block him from re-entering.
“I think teachers should be mentally preparing (for hacks),” CNET’s Laura Hautala said. “School I.T. departments and school systems in general really need to be thinking about how to train teachers because this is a new system still.”
She notes both Google Meet and Zoom have a waiting room feature that allows the teacher to choose who they let in.
For the most part, the burden is on the teacher to keep hackers out by only allowing in students. But in some cases, hackers are reportedly spoofing their email addresses to make it look like they are a student.
“One clue that’s happening is if you have the same student logged in twice, that’s going to be a problem,” Hautala said. “You know, it’s hard to notice that sort of thing when you’re managing a classroom over the internet.”
Teresa said that was the case in her son’s class last week during the disruptive hack. Students noticed that two students were logged in under the same name. She said it happened again this week, but this time students quickly noticed and the teacher removed the duplicated student before a disruption.
In this Google Classroom Help thread, several parents say and hackers logged into their child’s Google Classroom through their child’s account, impersonating their child. Some of the hacked students were as young as first grade. Hautala says in these cases, the kid’s accounts were likely hacked by someone who gained access to their password.
She notes, it is important for parents of younger kids to ensure that their accounts have strong unique passwords. For older kids, parents should stress the importance of password protection, including best practices like strong unique passwords for each account and never sharing their passwords with friends.
So, what can schools do to prevent hacks?
Instead of just holding class though a standard Google Meet or Zoom meeting, some schools are creating a unique multi-step log-in process that may be cumbersome for students but appears to be increasing security.
For instance, the school creates a unique Google account for each student using a school-provided email and password for the student. Then the student is required to log in to both Google Classroom and a Google Meet or Zoom for School meeting through that school-monitored Google account.
This better enables teachers to utilize the waiting room feature and only admit registered students. It also discourages students from purposely sharing passwords with hackers since they can be easily tracked, and reprimanded, by the school.
For added security, teachers can create a unique zoom meeting for each day’s class, requiring the students to log in to their Google Classroom to access the link/code, which would make it harder for random hackers to find the link and attempt to get in.
In Teresa’s case, she says she appreciates the struggle, and the school’s quick response to parents.
“I don’t expect them to get it all right,” Teresa said. “We’re all just trying to get through this and figure it out.”
“I think communication is the most important thing,” she said.
EDITOR NOTE: This story has been updated with additional links and tips.