9th May 2020, Kathmandu
India’s largest eLearning platform Unacademy is hacked. The information of users is put up for sale.
Unacademy is an educational platform with a massive user base. It is the world’s largest e-learning educational environment supporting great educators and learners. Moreover, it is accessible to everyone in the world.
The Bangalore-based company has helped over 300,000 students with over 2,400 online lessons. The platform provides specialized courses on cracking various competitive examinations.
User Accounts on Sale on the Dark Web!
According to Cyble, a US-based security firm, a database of around 22 million users of Unacademy is up for sale on Dark Web. The users of this platform consist of employees of giant companies like Wipro, Infosys, Cognizant, and Google. Similarly, the database also contains employees of Unacademy’s investor, Facebook.
Cyble explains that the database of these users contain usernames, email addresses, passwords, last login date, joined date, first and last names. Besides, the database also includes account profile and status (whether the account is active).
“As per our internal investigations, email data of around 11 million users is compromised out of 22 million stated in reports.” said the Co-Founder and CTO of Unacademy, Hemesh Singh.
He further stated, “We have been closely monitoring the situation and would like to assure our users that there is no breach in the sensitive information such as financial data or location.”
The hackers are only putting up the user records up for sale at this time. However, they may have access to more information, claims Cyble.
The firm recommended that registered Unacademy learners and educators immediately change their passwords on the site.
What should the users of the platform do now?
Cyble recommended that registered Unacademy learners and educators immediately do the following:
- Change their passwords on the site
- Change passwords of any other account with a similar password pattern.
- Additionally, implement multi-factor authentication wherever possible.
- Avoid using their corporate email addresses on third party services where possible.
- Closely monitor their financial transaction records to detect any anomalies.
- Register on com, a data breach monitoring platform by Cyble and their social media channels to gain new information and updates regarding this attack, and many others we are tracking actively.
Unacademy also has users from several large organizations like HDFC, ICICI, SBI, Reliance Industries, and Punjab National Bank.