Unacademy 22 Million Users Data Hacked
Unacademy Advises to Change your Password Now
Unacademy Hacked, the hackers put 22 Million users Database For Sale on Dark Web. Unacademy is India’s largest online learning platform.
On 3rd May 2020, the U.S. based Cyber Intelligence company Cyble found that some cyber threat actors selling an Unacademy user database containing 20 Million accounts for USD 2000.
Gaurav Munjal, a founder of the company confirms the Unacademy database hacked.
We recently found out that some data pertaining to our users’ basic credentials was compromised. We are monitoring the situation closely and would like to assure you that no sensitive information such as financial data or location has been breached.
— Gaurav Munjal (@gauravmunjal) May 7, 2020
“We follow stringent encryption methods using the PBKDF2 algorithm with a SHA256 hash, making it highly impossible for anyone to decrypt your passwords. I would still advice you to change your password on other platforms if you were using the same password at multiple places,” said, Gaurav.
“Data security and privacy protection of our learners is of utmost importance to us and we will do everything possible, to ensure no personal information is compromised.”
“We assure you that your data is protected and more stringent steps are being taken to ensure that your learning experience on Unacademy is safe and secure,” he added.
According to Bleeping Computers, the database records containing usernames, SHA-256 hashed passwords, date joined, last login date, email addresses, first and last names, and whether the account is active, a staff member, or a superuser.
Hemesh Singh, Cofounder and CTO, Unacademy given statement,
“We have been closely monitoring the situation and can confirm that basic information related to around 11 million learners has been compromised. However, we would like to assure our learners that no sensitive information such as financial data, location or passwords has been breached. We follow stringent encryption methods using the PBKDF2 algorithm with a SHA256 hash, making it highly implausible for anyone to access the learner passwords. We also follow an OTP based login system that provides an additional layer of security to our learners. We are doing a complete background check and will be addressing any potential security loophole to further our efforts of ensuring a robust security mechanism. Data security and privacy of our learners is of utmost importance to us and we will be in communication with our learners to keep them updated on the progress.”
If you are existing Unacademy users, then you need to change your password immediately.
Unacademy is recently raising in funding around USD 110 million from General Atlantic, Sequoia, and Facebook. The company’s value evaluated at more than USD 500 million.
Just a day ago the Godaddy database got hacked.
The companies should hire Cyber Security Experts and starts Bug Hunting programs to grow company network security.