WhiteHat Jr admits a bug made their data vulnerable but insists there was no breach and it was fixed in 24 hours

WhiteHat Jr admits a bug made their data vulnerable but insists there was no breach and it was fixed in 24 hours
WhiteHat Jr/Facebook
  • Indian edtech startup WhiteHat Jr, which has found itself in a potboiler of controversies, had a bug in its system that made its data of over 2.8 lakh students vulnerable.
  • A security researcher had pointed out the vulnerability on November 19, and WhiteHat Jr said that all vulnerabilities were fixed within 24 hours.
  • WhiteHat Jr went on to stress that there was no data leak.
Indian edtech startup WhiteHat Jr, which has found itself in a potboiler of controversies recently, had a bug in its system, which made its data of over 2.8 lakh students vulnerable.

On November 25, the Quint quoted a security researcher who reported the bug to WhiteHat Jr, who said, “According to what I found out the personal data of over 2.80 lakh students including names of their parents were lying exposed due to a vulnerability on the company's server side.”

The researcher had pointed out the vulnerability on November 19, and WhiteHat Jr said that all vulnerabilities were fixed within 24 hours. "WhiteHatJr takes security and privacy issues very seriously. We are committed to both our customers and to our compliance with applicable laws. Based on information received from responsible disclosures, we reviewed our setup and worked to patch specific identified vulnerabilities within 24 hours,” said the company.

Advertisement

According to the security researcher, WhiteHat Jr’s backend server was left open which allowed access to student names, age, gender, images, user IDs, parents name, and progress reports. The report also said that the access to the company's AWS servers was restricted as on November 20.

Meanwhile, WhiteHat Jr went on to stress on the fact that there was no data leak. “We reiterate that no breach of data has happened in this context on company's computer systems and networks, out of an abundance of caution we are continuing our investigation to ensure that this is the case. We regularly undertake and continue with various initiatives to strengthen our Security and Privacy set-up and have also retained external security experts to assist us,” said the company.

WhiteHat Jr has been in the news as it has slapped defamation suits on its two biggest critics on social media – Dr Aniruddha Malpani and Pradeep Poonia. The matter is currently in court.

Advertisement

SEE ALSO:
White Hat Jr gets a partial gag order against Pradeep Poonia who now has to defend a ‘hacking’ charge as well

{{}}