Pixabay
Indian edtech startup WhiteHat Jr, which has found itself in a potboiler of controversies recently, had a bug in its system, making its data of over 2.8 lakh students vulnerable. On November 25, the Quint quoted a security researcher who reported the bug to WhiteHat Jr, who said, "According to what I found out the personal data of over 2.80 lakh students including names of their parents were lying exposed due to a vulnerability on the company's server-side."
WhiteHat Jr said that all vulnerabilities were fixed within 24 hours and stressed that there was no data leak.
According to the security researcher, WhiteHat Jr's back-end server was left open, allowing access to student names, age, gender, images, user IDs, parents' names, and progress reports. The report also said that access to the company's AWS servers was restricted as of November 20.
One of India's popular e-grocery startups, BigBasket, has faced a security breach that compromised almost 20 million users' data. The blog by cybersecurity research firm Cyble said that their research team found the database of BigBasket being sold for over $40,000 in the cyber-crime market.
BigBasket admitted that a breach had happened. While BigBasket had said it was evaluating the breach, there has been no update on the same.
Cyble said that the hacked data could mean that crucial information like users' full names, email IDs, password hashes (potentially hashed OTPs), pin, contact numbers (mobile + phone), complete addresses, date of birth, location, and IP addresses of login could have been leaked.
During the coronavirus lockdown, another hyperlocal delivery startup, Dunzo, had reported a breach in its user data. In July 2020, the personal data of 3.4 million users of Dunzo was exposed.
"Our investigation so far suggests that the servers of a third party we work with were compromised. This allowed the attacker to get unauthorized access and breach our database. This database contained a user phone number and email address information. No payment information like credit card numbers was compromised as we do not store this data on our servers," Dunzo had said in a statement then.
Edtech unicorn Unacademy had reportedly suffered a data breach in January 2020, according to security research firm Cyble which left data of over 22 million users up for sale.
Another edtech startup Edureka had suffered a data breach in September 2020, which potentially left data including names, addresses, phone numbers of at least 2 million users, according to a team of security experts from SafetyDetectives. The startup's data breach had occurred because it left a server open without being protected by a password.
Copyright © 2023. Times Internet Limited. All rights reserved.For reprint rights. Times Syndication Service.