Facebook and Sequoia India funded Unacademy’s data hacked, says cybersecurity firm
Facebook-funded education technology firm Unacademy's data comprising over 20 million accounts has been hacked by cybercriminals and put up for sale in the dark web, according to cybersecurity firm Cyble.
The hackers have claimed that they have access to the complete database of Unacademy and made a decision to leak only users' accounts at this stage of time, Cyble said.
The cyber intelligence firm added that further leaks are expected in the near future.
"ON, MAY 3, 2020, Cyble Inc found out a threat actor had begun to market an Unacademy user database containing 20 million makes up about USD 2,000. Unacademy is India's major online learning platform. This data breach apparently occurred in January 2020," Cyble claimed.
When contacted, Unacademy co-founder and Chief Technology Officer Hemesh Singh said the business has been closely monitoring the situation and claimed that no sensitive information such as financial data or location has been breached.
"As per our internal investigations, e-mail data of around 11 million users has been compromised as against 22 million explained in reports. That is due to only around 11 million e-mail data of users on the Unacademy platform," Singh said.
He said the company followed stringent encryption methods that could make it unlikely for anyone to decrypt passwords.
"We also follow an OTP-based login system that delivers an additional layer of security to our users," Singh said, adding that the company is undertaking a complete background check and would address any potential security loophole. “We are in communication with our users to keep them updated on the progress,” Singh said.
Facebook, General Atlantic, Sequoia India, Flipkart CEO Kalyan Krishnamurthy, and Nexus Venture Partners have committed to the company.
According to Cyble, this breach can have an impact on security of others as well.
"Cybercriminals are always searching for such breaches and utilise them for credential stuffing attacks. We've seen accounts/records with names of domain from Infosys, TCS, Cognizant, Reliance Industries, HDFC, Accenture, ICICI, SBI, Canara Bank, Bank of Baroda, Punjab National Bank and several other large organisations," Cyble said.