Unacademy, one of India’s largest learning sites, has suffered a data breach with records of more than 22 million users was put up for sale on the dark web.
According to a report by cyber intelligence firm Cyble, its team of researchers discovered, that on May 3, the company’s database containing personally indefinable information of customers such as usernames, names, and email IDs was being sold for $2,000. Cyble said that the post advertised 20 million records, the database had 21,909,707 user-records.
As per a report by Bleeping Computer, it also contains corporate emails from companies such as Wipro, Infosys, Cognizant, Google, and Facebook.
Cyble’s report said that records on the database go back to January, likely when the hackers breached the system. It added that hackers claimed to have access to the company’s entire database.
The company’s co-founder, Gaurav Munjal, acknowledged the breach without specifying the number of users affected. He added that no financial data or location was compromised and the company is monitoring the situation.
We follow stringent encryption methods using the PBKDF2 algorithm with a SHA256 hash, making it highly implausible for anyone to decrypt your passwords. I would still advice you to change your password on other platforms if you were using the same password at multiple places.
— Gaurav Munjal (@gauravmunjal) May 7, 2020
We’ve reached out to Unacademy for more details, and we’ll update the story when we hear back.
If you’re an Unacademy user, it’s strongly advisable that you change your password. And if you’re using the same password on other sites, you should change your credentials on those sites too.