Unacademy database hacked in January, found to be put up for sale on Dark Web, says US based cybersecurity firm
DELHI: On Thursday, a US-based cybersecurity firm- “Cyble” reported that the database of around 22 million users of Unacademy with contacts of employees of Wipro, Infosys, Cognizant, Google and its investor Facebook is up for sale on the darkweb. The online education application Unacademy had suffered a breach in January following which contacts were now found to be put up for sale on May 3 for $2000 by the hackers.
According to Cyble, it was able to discover the Unacademy database available for purchase on the dark Web on May 3. The exposed database of 2,19,09,707 users includes usernames, emails addresses, passwords, date joined, last login date, first and last names, account profile and account status (whether the account is active).
Co- Founder and CTO of Unacademy, Hemesh Singh said in a statement that, “As per our internal investigations, email data of around 11 million users has been compromised as against 22 million stated in reports. This is on account of only around 11 million email data of users available on the Unacademy platform. We have been closely monitoring the situation and would like to assure our users that no sensitive information such as financial data or location has been breached. Data security and privacy protection of our users is of utmost importance to us and we are doing everything possible, to ensure that no personal information is compromised. We follow stringent encryption methods using the PBKDF2 algorithm with a SHA256 hash, making it highly implausible for anyone to decrypt passwords. We also follow an OTP based login system that provides an additional layer of security to our users. “
Recently, Unacademy raised a Series F round of funding of $110 million from key investors that include Facebook, General Atlantic and Sequoia.
According to Cyble, the hackers are only putting up the user records up for sale at this time and may have access to more information. The firm recommended that registered Unacademy learners and educators immediately change their passwords on the site.