India’s edutech startup Unacademy has the made the headlines this week, as a global cybersecurity firm Cyble has reported that the company’s database has been breached, and it has been put on sale by the attackers. The company has admitted to the findings but its founder, Gaurav Munjal claims that no sensitive information of its users was compromised. “We are monitoring the situation closely and would like to assure you that no sensitive information such as financial data or location has been breached, Gaurav Munjal, Founder, Unacademy tweeted on Thursday.
Researchers from Cyble, through this post, mentioned that around 22 million Unacademy user accounts were affected and the data bump was now put on sale on the dark web. However, Unacademy claimed that during its internal investigation, they found only email data of around 11 million users was exposed by the attacker. The company is now undertaking a full background check of its database and making sure they don’t leave any more loopholes at the back for anyone to breach.
In a span of 6 months, over 300,000 students have benefited from over 2,400 online lessons and specialized courses on cracking various competitive examinations on the platform, for what initially started as a YouTube page in 2015, Cyble mentioned.
The security firm pointed out user data which includes; ID, encrypted password, username. email address, first name and last login among others were made available through the dump. Thankfully, as Unacademy claimed, none of these relates to a persons’ financial details but using their name and email ID, any hacker can easily try to get hold of their bank details by sending them a malicious mail later on.
Cyble said itsteam is continually monitoring the situation for any key developments, with regards to sale of the data on the dark web, and is likely to inform the company if any transactions are observed in the coming days. As for the existing Unacademy users who might be affected by this breach, Cyble is asking them to change their password, enable two-factor authentication and keep track of their financial books to report any suspected transactions.
We’re hoping that Unacademy shares the updates of its findings in the coming days and tries to fix the loophole at the earliest.