Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Unacademy hacked: Data of 20 million users up for sale

Unacademy Breach dates back to January, hacker claims to have access to entire the database 

Facebook backs Indian education startup Unacademy | TechCrunch

Unacademy, one of the largest online learning platforms in India has faced a data breach and details of 22 million users of Unacademy are reportedly available for sale now. The major data breach was exposed by US-based cyber security firm Cyble


What Happened To Unacademy? 

Unacademy database for sale

According to security firm Cyble Inc, a hacker is offering the user database, containing 21,909,707 records, for USD 2,000. Cyble Inc added that it has managed to acquire the database and added the user records to its data breach monitoring service which can be used by millions of Unacademy users to determine whether their account was hacked or not.

According to Cyble, the data breach took place in January 2020, and the hacker is alleged to have access to the entire database of Unacademy. “However, they decided to only leak users’ accounts at this point in time, further leaks are expected in the near future,” Cyble said in its blog post. “Along with disclosing the data breach, Cyble has also acquired the leaked database which approximately contains 22 million (21,909,709) Unacademy’s user account details,” the company added.  

Unacademy user records table

These records include usernames, SHA-256 hashed passwords, date joined, last login date, email addresses, first and last names, and whether the account is active, a staff member, or a superuser.

The data scare was discovered by Cyble on May 3. It informed that the threat actor had begun to sell an Unacademy user database containing 20 million accounts for $2,000.

Unacademy boasts of 14,000 teachers, over a million video lessons, and over 20 million registered users (learners). The company’s investors include Facebook, Sequoia India, SAIF Partners and Blume Ventures.

The exposed database also has numerous accounts using corporate emails, including that of Wipro, Infosys, Cognizant, Google, and Facebook, cyber security portal BleepingComputer reported citing Cyble. “If these users utilise the same passwords on their corporate network it could allow the threat actor to gain access to these networks as well,” it said. 


Confirming the data breach, Hemesh Singh, co-founder and CTO of Unacademy, however, claimed that only 11 million users were affected and that no passwords were exposed. “We would like to assure our learners that no sensitive information such as financial data, location or passwords has been breached… We are doing a complete background check and will be addressing any potential security loophole to further our efforts of ensuring a robust security mechanism. Data security and privacy of our learners is of utmost importance to us and we will be in communication with our learners to keep them updated on the progress,” BleepingComputed quoted from Singh’s statement. 

“We follow stringent encryption methods using the PBKDF2 algorithm with a SHA256 hash, making it highly implausible for anyone to access the learner passwords. We also follow an OTP based login system that provides an additional layer of security to our learners,” Singh stated. 



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us