Database of Indian edtech company Unacademy was compromised and data of its nearly 22 million users was on sale on the dark web. Even though there are multilayer security features in place, the company has urged its users to immediately change their login passwords.
Crux of the Matter
Data Breach Unacademy, a Bangalore based edtech startup has been hacked by an anonymous hacker. The hacker has sensitive data of 22 million of its users. The data was on sale on the dark web at $2000 only. Data comprised of usernames, email addresses, passwords, date joined, last login data, first and last names, account profile, and account status. More importantly, the compromised database also includes data of employees of Facebook, Cognizant, Google, Wipro, and Infosys. So far only user account details have been leaked by hackers but potential leaks are expected in the future as the hacker has made claims of having the entire database of Unacademy.
We have been closely monitoring the situation and can confirm that basic information related to around 11 million learners has been compromised. However, we would like to assure our learners that no sensitive information such as financial data, location or passwords has been breached. Data security and privacy of our learners is of utmost importance to us and we will be in communication with our learners to keep them updated on the progress. Hemesh Singh, Co- Founder and CTO, Unacademy
Response To Breach Breach occurred in January as per US-based cyber intelligence firm Cyble. Unacademy stated that data of only 11 million of its users was compromised. As an immediate response to the breach, the company has said that it has enhanced security measures in place: a) Stringent encryption methods using SHA256 hash to safeguard the data b) additional layer of protection using an OTP based login system. The company has also urged all its users to change their login passwords immediately.
What is Dark Web? Unacademy hacker put the data on sale on the dark web, a network of untraceable online activity, and web searches. Dark web requires specific software, configurations, and authorization to access and it cannot be accessed using common search engines. Illegal media and black market are the most commonly hosted content on it. It is hosts Botnet, Bitcoins, hackers, whistleblowers, etc. Recently, an ethical hacker reported loopholes in the Aarogya Setu app that has a large database of millions of users of India. It seems that as Coronavirus forces people to resort to online classrooms and services, companies will require more robust security measures.
Curiopedia
Unacademy is valued at more than $500 million after it got fundings from social media giant Facebook and private equity firm General Atlantic. Other investors in Unacademy’s portfolio are Sequoia India, Nexus Venture Partners, Steadview Capital, and Blume Ventures.
In February this year, a Singapore based cybersecurity company detected that a database of more than 4,50,000 Indian debit and credit cards was on sale on the dark web. 98% of it were from the “biggest Indian banks”. The whole database was valued at $4.2 million ($9 apiece) and was listed on the Joker’s Stash – one of the most popular underground card shops.
The dark web was actually created by the US government to allow spies to exchange information completely anonymously. US military researchers developed the technology, known as Tor (The Onion Router) in the mid-1990s and released it into the public domain for everyone to use. It’s called The Onion Router because it uses the technique of onion routing – making websites anonymous through layers of encryption.
Curated Coverage
Comments