During the last years, the use of virtual learning frameworks has increased in the academic community. On account of the requirements derived from the Bologna process, many European universities started to change their education systems to new ones based on information and communication technologies. Those systems are most times based on web environments where the security is an essential issue. In this contribution, we provide an introduction about the e-learning platform Moodle, as well as an overview of the most important attacks against this system. Then, we focus on a specific type of attack that allows illegitimate users to obtain the username and password of other users when making a course backup in some specific versions of Moodle. In order to illustrate this information we describe a real attack against a Moodle 1.9.2 installation, which should encourage Moodle administrators to update their versions or backup configurations in case they are affected by the vulnerability described in this work. We complete our contribution with a list of security recommendations that can be used to secure any Moodle installation. 1