Minneapolis, Bloomington schools pause use of learning platform Seesaw after 'inappropriate meme' sent to families

An online learning platform used by many public schools is slowly reenabling messages Thursday after families received a "graphically inappropriate meme."

The app, Seesaw, shut down all messaging capabilities nationwide after individual accounts were hacked late Tuesday, according to a statement from the company. Minneapolis and Bloomington public schools sent out messages to parents Wednesday notifying them of the issue and advising them to delete suspicious messages on the platform.

The issue affected schools nationwide. Seesaw is used by more than 10 million teachers, students and family members every month at more than 75% of schools in the country, according to the service's website.

Several families in the Bloomington Public Schools district received the inappropriate image, according to a message from John Weisser, the district's executive director of technology and information services.

Weisser said the district's system has not been breached.

"We know situations like this can be concerning for you," he said in the message.

In an email to parents, Minneapolis Public Schools officials apologized to any families that received inappropriate content through Seesaw and advised them to immediately delete any such messages.

Seesaw officials said the company was not compromised, but some individual accounts were and then used to send the inappropriate message.

"Our team continues to monitor the situation and are now slowly reenabling Messages," the company said in a statement. "Seesaw's mission is to create an environment where students can be their best and we're deeply distressed by the impact on our community by these appalling actions."

The accounts were compromised as a result of a "coordinated attempt to guess user account passwords," according to the statement. In that type of attack, previously compromised emails and passwords that are re-used across different websites were used to gain access to the Seesaw accounts.

"We have no evidence to suggest this attacker performed additional actions or accessed data in Seesaw beyond logging in and sending a message from these compromised accounts," the statement said.

The service immediately disabled the messaging feature when the attack was identified and removed the message from accounts where it originated. The company also reset the passwords of all accounts that are known to have been compromised.