School Messaging App Hacked to Spam Parents Nationwide With the Goatse Meme [UPDATE]

A hacker used Seesaw to share the infamous shock-site photo with an unknown number of incensed parents.

We may earn a commission from links on this page.
Image for article titled School Messaging App Hacked to Spam Parents Nationwide With the Goatse Meme [UPDATE]
Photo: Dmytro Tyshchenko (Shutterstock)

An all-time hall-of-fame NSFW spam event occurred this week: a hacker broke into a school messaging app to send a picture of a guy’s gaping sphincter to the parents of young school children across the country.

The episode involved Seesaw, an “interactive learning platform” and messaging app that helps elementary schools communicate with parents and students. Used by districts throughout the country, Seesaw’s tag line is: “Elevate Learning in Elementary.” The company’s website says that it has a monthly user base of more than 10 million teachers, students, and family members.

Typically, the app is used by teachers and administrators to share lesson plans, school updates, and other important info. But this week, parents nationwide began receiving messages featuring something fairly different: an image of a man bending over and spreading his butt cheeks wide open. NBC originally reported the incident, and Motherboard later revealed the nature of the image that was shared. It is believed that the image may have been sent to parents in states as far flung as Colorado, Illinois, Pennsylvania, Michigan, Minnesota, Kansas, South Dakota, and New York.

Advertisement

On Wednesday, Seesaw issued a short statement confirming that it had been hacked. “It was brought to our attention that a link to an inappropriate image was being shared via the Seesaw Messages feature. It appears that specific accounts were compromised by an outside actor,” the company tweeted. After becoming aware of the problem, Seesaw temporarily disabled its messaging feature to halt any further distribution of the heinous image. As of Thursday, the feature had been reactivated.

In other updates, Seesaw has further clarified that the company itself was not hacked but that individual user accounts (presumably belonging to teachers or administrators) were compromised via a coordinated credential stuffing attack. Seesaw said that “widely available compromised emails/passwords that were reused across services” were employed by the hackers to log in to specific accounts and send the explicit pic.

Advertisement

It’s not exactly clear who is responsible for this debauched madness, but one thing is for sure: Seesaw’s Twitter account has been awash with complaints from what appear to be angry parents. “This was horrendous and I hope you can let all users know how it happened and what measures have been taken to prevent it happening again,” said one user.

“How will you help to clear the name of the innocent people whose integrity was tarnished by this?” another hilariously asked.

Advertisement

Yet another user summed things up nicely: “Butthole pics being sent out via seesaw. Don’t open unless you want to see an asshole up close.”

The trend of cybercriminals hacking schools to share NSFW material is well known. Hackers will commonly infiltrate school district Zoom meetings or websites to share porn and other offensive material.

Advertisement

In this particular case, Motherboard reports that the image shared with parents appears to have been the infamous “Goatse” meme. Don’t know what that is? Here’s a quick refresher.

Goatse is an old “shock site” that originally launched back in 1999; the site just said “hello” and featured an image of an asshole being spread open. Shock sites, which typically feature a single gross-out image or video, were pretty popular back in the mid-2000s (see “Meatspin,” for another example). At some point, Goatse became a meme and was shared widely throughout the internet. The developers behind the original site also eventually tried to turn the image into a cryptocurrency token. In 2017, the website began advertising the launch of a “Goatse Coin,” though it’s unclear whether that token ever actually materialized. The website has flirted with other Web3 endeavors over the years and appears to have launched an NFT collection at some point.

Advertisement

It’s unclear just how many people were spammed with the notorious butthole image, so we reached out to Seesaw to try to get more information on the incident. We will update this story if they respond.

____________

UPDATE 7:45 p.m. ET: A spokesperson for Seasaw reached out to Gizmodo to explain that “less than 0.5% of Seesaw users” were affected by the hacking incident. That still could be...sorta a lot of people, given the supposed volume of the app’s user base. The spokesperson also provided an updated statement on the incident, which reads, in part:

“Seesaw was subjected to a coordinated “credential stuffing” attack. Seesaw was not compromised; however, an isolated number of Seesaw user accounts were compromised in this attack, and only a portion of those were able to send the inappropriate message before the attack was blocked...We have no evidence to suggest this attacker performed additional actions or accessed data in Seesaw beyond logging in and sending a message from these compromised accounts. ”

Advertisement

There you have it, folks.