Unknown Hackers Breach Popular Online learning Platform, Unacademy, Put Information Of 22 Million Users On Sale
Unknown hackers managed to gain access to the Unacademy servers and steal records of 22 million students. Unacademy one of the most popular online learning platform in India. It has around 25 million students enrolled for various online courses it offers.
According to a report by cyber intelligence firm Cyble, its security team of researchers discovered, that on May 3, the company’s database containing personally indefinable information of customers such as usernames, names, and email IDs was being sold for $2,000. Cyble said that the post advertised 20 million records, the database had 21,909,707 user-records.
The report says that Unacademy was compromised in January 2020, and the hacker apparently had access to the complete database. “However, they decided to only leak users’ accounts at this point in time, further leaks are expected in the near future,” Cyble said in its blog post. “Along with disclosing the data breach, Cyble has also acquired the leaked database which approximately contains 22 million (21,909,709) Unacademy’s user account details,” Cyble added
The stolen database includes usernames, SHA-256 hashed passwords, email addresses, first and last names, login location and timings, account profile (staff member/a superuser), account status (whether the account is active or not). As per a report by Bleeping Computer, the stolen cache also contains corporate emails from companies such as Wipro, Infosys, Cognizant, Google, and Facebook.
The company’s co-founder, Gaurav Munjal, acknowledged the breach without specifying the number of users affected. He added that no financial data or location was compromised and the company is monitoring the situation.
Unacademy is funded by Facebook, General Atlantic, Sequoia India, Flipkart CEO Kalyan Krishnamurthy, and Nexus Venture Partners and is one of the fast-emerging startups in India.
If you’re an Unacademy user, it’s strongly advisable that you change your password. And if you’re using the same password on other sites, you should change your credentials on those sites too.