Friday, July 19, 2024

India’s Largest Online Education Platform’s Unacademy Hacked and 22M Users Data Exposed on Dark Web

Recently, India’s largest e-learning platform, Unacademy, which is based in Bangalore, is reported to be hacked, hackers gained access to Unacademy’s, and to steal more than 22 million users’ data. 

The popular Cyber ​​Security firm, Cyble Inc. has reported about this massive data breach, and according to the security reports, all these stolen details have also been made available for sale on the Dark Web.

The security firm, Cyble has reported that 21,909,707 data of Unacademy have been breached, and this massive data breach is worth the US $2,000.

Unacademy India’s largest e-learning platform, which has recently received funding from Facebook, General Atlantic, and Sequoia. Apart from this, currently, Unacademy has a market value of 500 million US dollars.

The leaked data includes username, email addresses, hash passwords, joining or previous login date, and many more details.

And not only that, even the security company Cyble and the security portal, investigated the whole matter and the data beached by hackers in which they found corporate-level data as well.

  • ID
  • Encrypted password
  • username
  • Email address
  • First Name
  • Last Name
  • Date Joined
  • Last Login
  • Is_Staff
  • Is_Active
  • Is_superuser

The investigation of these two security portals has revealed, apart from the above information, the breached data also included the details of several employees working at Wipro, Infosys, Cognizant, Google, Facebook, Reliance Industries, HDFC, Accenture, ICICI, SBI, Canara Bank, Bank of Baroda, Punjab National Bank and several other large companies.

In this type of situation, the corporate network of these companies is under significant security threat.

While the co-founder and CTO of Unaccademy, Hemesh Singh, has confirmed the data breach and claimed that students’ information is now safe.

Here’s what the co-founder and CTO of Unaccademy, Hemesh Singh has stated “We are closely monitoring the situation, and we believe that some information of 11 million students has been leaked against the 22 million stated in reports. This is on account of only around 11 million e-mail data of users available on the Unacademy platform.”

Generally, Unacademy uses the PBKDF2 algorithm to keep the data encrypted; it’s a security mechanism used to reduce vulnerabilities to brute force attacks. Moreover, the co-founder and CTO of Unaccademy, Hemesh Singh, has also said that the Unacademy also uses OTP-based login systems for an additional layer of security.

Recommendations of Cyble

  • Users should immediately change their passwords.
  • Activate the Two-factor authentication security feature.
  • Use a strong and complex password.
  • Avoid using their corporate email addresses on third party services.
  • Users should closely monitor their financial transaction records as well, simply to find any suspicious activities.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Latest articles

Hackers Claiming Dettol Data Breach: 453,646 users Impacted

A significant data breach has been reported by a threat actor known as 'Hana,'...

CrowdStrike Update Triggers Widespread Windows BSOD Crashes

A recent update from cybersecurity firm CrowdStrike has caused significant disruptions for Windows users,...

Operation Spincaster Disrupts Approval Phishing Technique that Drains Victim’s Wallets

Chainalysis has launched Operation Spincaster, an initiative to disrupt approval phishing scams that have...

Octo Tempest Know for Attacking VMWare ESXi Servers Added RansomHub & Qilin to Its Arsenal

Threat actors often attack VMware ESXi servers since they accommodate many virtual machines, which...

TAG-100 Actors Using Open-Source Tools To Attack Gov & Private Orgs

Hackers exploit open-source tools to execute attacks because they are readily available, well-documented, and...

macOS Users Beware Of Weaponized Meeting App From North Korean Hackers

Meeting apps are often targeted and turned into weapons by hackers as they are...

Hackers Exploiting Legitimate RMM Tools With BugSleep Malware

Since October 2023, MuddyWater, which is an Iranian threat group linked to MOIS, has...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles