Online learning platform Unacademy hacked, details of 22 million users available for sale

Unacademy, one of the largest online learning platforms in India has faced a data breach and details of 22 million users of Unacademy are reportedly available for sale now. According to security firm Cyble Inc, a hacker is offering the user database, containing 21,909,707 records, for USD 2,000. Cyble Inc added that it has managed to acquire the database and added the user records to its data breach monitoring service which can be used by millions of Unacademy users to determine whether their account was hacked or not.

Online learning platform Unacademy hacked, details of 22 million users available for sale

Unacademy, one of the largest online learning platforms in India has faced a data breach and details of 22 million users of Unacademy are reportedly available for sale now. According to security firm Cyble Inc, a hacker is offering the user database, containing 21,909,707 records, for USD 2,000. Cyble Inc added that it has managed to acquire the database and added the user records to its data breach monitoring service which can be used by millions of Unacademy users to determine whether their account was hacked or not.

Recently Unacademy succeeded in raising as much as USD 110 million in funding from General Atlantic, Sequoia, and Facebook. The company's value is evaluated more than USD 500 million.

It is learnt that the breached records include usernames, hashed passwords (SHA-256), date joined, last login date, email addresses, first and last names, account profile (staff member/a superuser), account status (whether the account is active).

BleepingComputer got in touch with some users of Unacademy learning app and verified that the hacked data is authentic. BleepingComputer also claimed that the hackers have stolen much more than just the user database.

Unacademy Co- Founder and CTO Hemesh Singh confirmed the data breach but added that all sensitive information of the learners are safe. "We have been closely monitoring the situation and can confirm that basic information related to around 11 million learners has been compromised. However, we would like to assure our learners that no sensitive information such as financial data, location or passwords has been breached. We follow stringent encryption methods using the PBKDF2 algorithm with a SHA256 hash, making it highly implausible for anyone to access the learner passwords. We also follow an OTP based login system that provides an additional layer of security to our learners. We are doing a complete background check and will be addressing any potential security loophole to further our efforts of ensuring a robust security mechanism. Data security and privacy of our learners is of utmost importance to us and we will be in communication with our learners to keep them updated on the progress," said Hemesh Singh.

 

According to Unacademy, over 300,000 students have benefited from over 2,400 online lessons and specialised courses available on the learning platform to clear different competitive examinations. "We have on board some of the top educators in the country, including Kiran Bedi, India's first woman IPS officer and now the Governor of Pondicherry. With over 2 million views every month, we are touching the lives of people in the remotest corners of the country," said Unacademy on its website.