A database of around 22 million users of Unacademy with contacts of employees of Wipro, Infosys, Cognizant, Google, and its investor Facebook is up for sale on the dark web.According to US-based security firm Cyble
Unacademy is the India’s Largest Learning Platform.
The Unacademy had suffered from a data breaching where around 22 million users’ data has been hacked and sold on the dark web. It also consists of contacts of Wipro, Google, Infosys, and other known company users’ information.
This breaching was occurred in January and recently on May 3, 2020, it was sold on the dark web for $2000.
The database of users included Usernames, email addresses, passwords, date joined, last login date, first and last names, account profile, and account status (whether the account is active).
“As per our internal investigations, email data of around 11 million users has been compromised as against 22 million stated in reports. This is on account of only around 11 million email data of users available on the Unacademy platform. We have been closely monitoring the situation and would like to assure our users that no sensitive information such as financial data or location has been breached. Data security and privacy protection of our users is of utmost importance to us and we are doing everything possible, to ensure no personal information is compromised. We follow stringent encryption methods using the PBKDF2 algorithm with a SHA256 hash, making it highly implausible for anyone to decrypt passwords. We also follow an OTP based login system that provides an additional layer of security to our users. “Hemesh Singh, Co-Founder, and CTO, Unacademy
According to the Cyble, the hackers are only putting up the user records up for sale at this time although the breaching occurred two months ago and so they doubt that they may have lot more information left.
They also recommended the registered learners and educators of Unacademy to change the passwords immediately and take all the precautions needed.