Online learning platform Unacademy has suffered a data breach after a hacker gained access to their database and started selling the account information for close to 22 million users.
Unacademy, one of the largest Indian online learning platforms, suffered a data breach, and hackers are selling the account information for close to 22 million users. Experts from security firm Cyble Inc discovered that a threat actor is offering the user database, containing 21,909,707 records, for $2,000. Analysis of the creation dates of the records in the database revealed that the most recent creation date is January 26th, 2020, which suggests that the hack took place in the same period.
The company recently raised $110 million in funding from General Atlantic, Sequoia, and Facebook, and it is valued at more than $500 million.
Exposed records include usernames, hashed passwords (SHA-256), date joined, last login date, email addresses, first and last names, account profile (whether the account is a staff member or a superuser), and account status (whether the account is active).
BleepingComputer contacted some Unacademy users and verified that the data is authentic.
Cyble attempted to report its discovery to Unacademy without success.
According to BleepingComputer, which reached the hackers, they have stolen much more than just the user database.
Cyble pointed out that it has acquired the database and added the user records to its data breach monitoring service amibreached.com.
Unacademy users can use the service to determine whether their account was included in the dump.
(SecurityAffairs – Unacademy, hacking)