A hacker has gained access to the database of edtech startup Unacademy, after the Bengaluru-based firm suffered a breach in January following which contacts of 22 million users were put up for sale on May 3 for $2,000, according to US-based security firm Cyble.
A report on news portal BleepingComputer said the database of Unacademy with details of accounts using corporate email of global companies is now available on the dark web.
Responding to Entrackr’s query, Hemesh Singh, co-founder and CTO of Unacademy said that as per the company’s internal investigations, email data of around 11 million users has been compromised as against 22 million stated in reports. This is on account of only around 11 million email data of users available on the Unacademy platform.
According to Singh, there is no sensitive information such as financial data, location, or passwords leaked.
However, Cyble said that data including usernames, email addresses, passwords, date joined, last login date, first and last names, account profile, and account status were also leaked.
Unacademy said that it follows stringent encryption methods using the PBKDF2 algorithm with a SHA256 hash, making it highly implausible for anyone to access passwords. Besides, it follows an OTP based login system that provides an additional layer of security to its learners.
“We are doing a complete background check and will be addressing any potential security loophole to further bolster our efforts of ensuring a far more robust security mechanism. We are in communication with our users to keep them updated on the progress,” added Singh.
Unacademy has also asked its learners and educators to change their password immediately.
Recently, the Gaurav Munjal-led firm said that it had an 82% surge in revenue in April when compared to the previous month. During the period, it also registered more than 10X growth as compared to April 2019.