Indian e-learning platform Edureka database leak, about 2 million users' data at risk
Edureka is an online education and e-learning platform, privately owned and operated by Brain4ce Education Pvt. Ltd., headquartered in Bangalore. It provides courses in trending technologies like big data, cloud computing, blockchain, and artificial intelligence. The platform offers live interactive sessions, master's programs, and postgraduate programs.
According to a report shared with us by SafetyDetectives, the India-based e-learning platform suffered a data breach, which was discovered on August 1st, 2020. The report reads that Edureka “was discovered to be operating a completely un-secure Elasticsearch server based in the US. The vulnerability meant that more than 25 gigabytes of personal information belonging to around 2 million Edureka users were publicly available until the server was secured.”
After discovering the breach, the security team went further with IP-address checks on specific ports and reported that the Elasticsearch server had no password protection or security barrier of any kind. “Mere knowledge of the server’s IP address provided access to the entirety of this particular database,” the team said.
The research team, led by Anurag Sen, also informed us that the leaked database contained about 45 million records that included users’ PII such as first name, email address, phone numbers, and country, along with sensitive technical information such as auth tokens. The team found that the affected users are mostly from India, along with a small number of users from the US.
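The condition the researchers describe (a publicly reachable Elasticsearch HTTP API with no authentication) can be caught on your own nodes by auditing `elasticsearch.yml`. The following is an added example, not part of the SafetyDetectives report or Edureka's configuration; both sample configs are constructed, and the parser assumes only the flat-dotted or indentation-nested `key: value` subset of YAML.

```python
# Constructed sample configs for illustration (not from the Edureka incident).
EXPOSED = """\
cluster.name: demo
network.host: 0.0.0.0   # listens on every interface
xpack.security.enabled: false
"""
HARDENED = """\
network.host: 127.0.0.1
xpack:
  security:
    enabled: true
    http:
      ssl:
        enabled: true
"""
LOOPBACK = {"127.0.0.1", "localhost", "::1", "_local_"}

def parse_settings(text):
    """Flatten flat-dotted or indentation-nested 'key: value' lines."""
    settings, parents = {}, []            # parents: (indent, key) of open maps
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()        # drop inline comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while parents and parents[-1][0] >= indent:
            parents.pop()                          # leave closed parent maps
        value = value.strip().strip("\"'")
        if value:
            settings[".".join([k for _, k in parents] + [key])] = value
        else:
            parents.append((indent, key))
    return settings

def audit(text):
    """Return {check: message}; an empty dict means no check fired."""
    s, findings = parse_settings(text), {}
    host = s.get("http.host", s.get("network.host", "_local_"))
    if host not in LOOPBACK:
        findings["bind"] = f"HTTP API bound to non-loopback address {host}"
    if s.get("xpack.security.enabled", "").lower() != "true":
        findings["auth"] = "xpack.security.enabled not explicitly true (default varies by version)"
    if s.get("xpack.security.http.ssl.enabled", "").lower() != "true":
        findings["tls"] = "xpack.security.http.ssl.enabled not explicitly true"
    return findings

def open_to_anyone_with_ip(text):
    """True when the node is both reachable off-host and unauthenticated."""
    f = audit(text)
    return "bind" in f and "auth" in f
```

A non-loopback bind is not a problem by itself behind a firewall or security group, so treat the `bind` finding as a prompt to confirm network-level restrictions rather than as proof of exposure.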
[Image Source: SafetyDetectives]
Finding that the breach put users’ personal details at risk, the research team contacted Edureka on 6 August. Unfortunately, the security team did not receive a response from the e-learning platform, so they reached out to the Indian Computer Emergency Response Team (CERT-In) on 13 August and the exposed Edureka server.
However, following the report, the India-based Edureka confirmed the data leak but said its users’ information was not accessed by any malicious actor. “Our infrastructure is on AWS, and we rely on their security insights too. Having said that, we are also doing an in-depth security audit to find and fix any other possible vulnerabilities,”
If you are an Edureka subscriber, to be on the safe side, it is recommended that you change the passwords of your personal email accounts and enable two-factor authentication if available.