Unacademy, India Edutech startup has made the headlines this week, as a global cyber security firm Cyble has reported that the company database has been breached, and it has been put on sale by the attackers.
The company has admitted to the findings, but its founder, Gaurav, claims that no sensitive information of its users was compromised.
“We are monitoring the situation closely and would like to assure you that no sensitive information such as financial data or location has been breached, Gaurav Munjal, Founder, Unacademy tweeted on Thursday.
Some of the researchers from Cyble, with this post, mentioned that around 22 million Unacademy user accounts were affected, and the data bump was now put on sale on the dark web. Moreover, Unacademy claimed that at the time of its internal investigation, they found only email data of around 11 million users was exposed by the attacker. The company is now working on undertaking a full background check of its database and making sure that they don’t leave any more loopholes at the back for anyone to breach.
In just a time span of 6 months, more than 300000 students have benefited from more than 2400 online lessons and specialized courses on cracking various competitive examinations on the platform, for what initially started as a YouTube page in the year 2015, noted the announcement.
The cyber security firm pointed out user data, which includes the ID, username, encrypted password, email address, first name, and last login, among others, were made available at the time of the dump. Thankfully, as Unacademy claimed, none of these related to person financial details, but using their name and email ID, any hacker can easily try to get hold of their bank details by sending them a malicious mail later on.
Cyble revealed that its team is continually monitoring the situation right now for any key developments, with regards to the sale of the data on the dark web and is also likely to inform the company if any transactions are observed in the upcoming days. As for the existing Unacademy users who might be affected by this breach, Cyble is asking them to change their password, enable 2FA, and keep track of their financial books to report any suspected transactions.
