India’s Largest Online Education Platform’s Unacademy Hacked and 22M Users Data Exposed on Dark Web

Recently, India’s largest e-learning platform, Unacademy, which is based in Bangalore, is reported to be hacked, hackers gained access to Unacademy’s, and to steal more than 22 million users’ data. 

The popular Cyber ​​Security firm, Cyble Inc. has reported about this massive data breach, and according to the security reports, all these stolen details have also been made available for sale on the Dark Web.

The security firm, Cyble has reported that 21,909,707 data of Unacademy have been breached, and this massive data breach is worth the US $2,000.

Unacademy India’s largest e-learning platform, which has recently received funding from Facebook, General Atlantic, and Sequoia. Apart from this, currently, Unacademy has a market value of 500 million US dollars.

The leaked data includes username, email addresses, hash passwords, joining or previous login date, and many more details.

And not only that, even the security company Cyble and the security portal, investigated the whole matter and the data beached by hackers in which they found corporate-level data as well.

• ID
• Encrypted password
• username
• Email address
• First Name
• Last Name
• Date Joined
• Last Login
• Is_Staff
• Is_Active
• Is_superuser

The investigation of these two security portals has revealed, apart from the above information, the breached data also included the details of several employees working at Wipro, Infosys, Cognizant, Google, Facebook, Reliance Industries, HDFC, Accenture, ICICI, SBI, Canara Bank, Bank of Baroda, Punjab National Bank and several other large companies.

In this type of situation, the corporate network of these companies is under significant security threat.

While the co-founder and CTO of Unaccademy, Hemesh Singh, has confirmed the data breach and claimed that students’ information is now safe.

Here’s what the co-founder and CTO of Unaccademy, Hemesh Singh has stated “We are closely monitoring the situation, and we believe that some information of 11 million students has been leaked against the 22 million stated in reports. This is on account of only around 11 million e-mail data of users available on the Unacademy platform.”

Generally, Unacademy uses the PBKDF2 algorithm to keep the data encrypted; it’s a security mechanism used to reduce vulnerabilities to brute force attacks. Moreover, the co-founder and CTO of Unaccademy, Hemesh Singh, has also said that the Unacademy also uses OTP-based login systems for an additional layer of security.

Recommendations of Cyble

• Users should immediately change their passwords.
• Activate the Two-factor authentication security feature.
• Use a strong and complex password.
• Avoid using their corporate email addresses on third party services.
• Users should closely monitor their financial transaction records as well, simply to find any suspicious activities.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.