Frame-14

Privacy Ninja

        • DATA PROTECTION

        • Email Spoofing Prevention
        • Check if your organization email is vulnerable to hackers and put a stop to it. Receive your free test today!
        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • AntiHACK Phone
        • Boost your smartphone’s security with enterprise-level encryption, designed by digital forensics and counterintelligence experts, guaranteeing absolute privacy for you and up to 31 others, plus a guest user, through exclusive access.

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$3,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Secure your digital frontiers with our API penetration testing service, meticulously designed to identify and fortify vulnerabilities, ensuring robust protection against cyber threats.

        • Network Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Mobile Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Web Penetration Testing
        • Fortify your web presence with our specialized web penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats.

        • RAPID DIGITALISATION

        • OTHERS

Unacademy hacked: Data of 20 million users up for sale

Unacademy Breach dates back to January, hacker claims to have access to entire the database 

Facebook backs Indian education startup Unacademy | TechCrunch

Unacademy, one of the largest online learning platforms in India has faced a data breach and details of 22 million users of Unacademy are reportedly available for sale now. The major data breach was exposed by US-based cyber security firm Cyble

 

What Happened To Unacademy? 

Unacademy database for sale

According to security firm Cyble Inc, a hacker is offering the user database, containing 21,909,707 records, for USD 2,000. Cyble Inc added that it has managed to acquire the database and added the user records to its data breach monitoring service which can be used by millions of Unacademy users to determine whether their account was hacked or not.

According to Cyble, the data breach took place in January 2020, and the hacker is alleged to have access to the entire database of Unacademy. “However, they decided to only leak users’ accounts at this point in time, further leaks are expected in the near future,” Cyble said in its blog post. “Along with disclosing the data breach, Cyble has also acquired the leaked database which approximately contains 22 million (21,909,709) Unacademy’s user account details,” the company added.  

Unacademy user records table

These records include usernames, SHA-256 hashed passwords, date joined, last login date, email addresses, first and last names, and whether the account is active, a staff member, or a superuser.

The data scare was discovered by Cyble on May 3. It informed that the threat actor had begun to sell an Unacademy user database containing 20 million accounts for $2,000.

Unacademy boasts of 14,000 teachers, over a million video lessons, and over 20 million registered users (learners). The company’s investors include Facebook, Sequoia India, SAIF Partners and Blume Ventures.

The exposed database also has numerous accounts using corporate emails, including that of Wipro, Infosys, Cognizant, Google, and Facebook, cyber security portal BleepingComputer reported citing Cyble. “If these users utilise the same passwords on their corporate network it could allow the threat actor to gain access to these networks as well,” it said. 

Conclusion

Confirming the data breach, Hemesh Singh, co-founder and CTO of Unacademy, however, claimed that only 11 million users were affected and that no passwords were exposed. “We would like to assure our learners that no sensitive information such as financial data, location or passwords has been breached… We are doing a complete background check and will be addressing any potential security loophole to further our efforts of ensuring a robust security mechanism. Data security and privacy of our learners is of utmost importance to us and we will be in communication with our learners to keep them updated on the progress,” BleepingComputed quoted from Singh’s statement. 

“We follow stringent encryption methods using the PBKDF2 algorithm with a SHA256 hash, making it highly implausible for anyone to access the learner passwords. We also follow an OTP based login system that provides an additional layer of security to our learners,” Singh stated. 

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us