11 million Unacademy user accounts were hacked in January — and they are now up for sale on Dark Web

11 million Unacademy user accounts were hacked in January — and they are now up for sale on Dark Web
Flickr

  • According to cyber intelligence firm Cyble, the database of nearly 22 million learners on the edtech platform Unacademy was compromised in January 2020 and went up for sale on Dark Web a few days ago.
  • That includes professionals from Wipro, Infosys, Cognizant, Google and Facebook.
  • Unacademy confirmed Business Insider that database of 11 million learners was hacked — but no sensitive information was compromised.
  • The company is now conducting an aggressive background check for any loopholes or security threats.
The database of nearly 22 million learners on the edtech platform Unacademy was compromised in January 2020 and went up for sale on Dark Web a few days ago. That includes professionals from Wipro, Infosys, Cognizant, Google and Facebook.

According to a cybersecurity intelligence firm Cyble, these contacts were put up on sale for $2,000 on May 3. This includes account details such as username, email address, password, profile, and login location and timings.

While the startup confirmed Business Insider that the data breach happened, it said that no sensitive information was compromised. The database of 11 million learners was compromised.
Advertisement

"As per our internal investigations, email data of around 11 million users has been compromised as against 22 million stated in reports. This is on account of only around 11 million email data of users available on the Unacademy platform," the company said.

"We have been closely monitoring the situation and would like to assure our users that no sensitive information such as financial data or location has been breached. Data security and privacy protection of our users is of utmost importance to us and we are doing everything possible, to ensure no personal information is compromised," said Hemesh Singh, Co- Founder and CTO, Unacademy.

The company is now conducting an aggressive background check for any loopholes or security threats.
Advertisement


We follow stringent encryption methods using the PBKDF2 algorithm with a SHA256 hash, making it highly implausible for anyone to decrypt passwords. We also follow an OTP based login system that provides an additional layer of security to our users," Singh elaborated.

However, as per the cyber intelligence firm, the intruders have only leaked user account information as of now and the hackers might have more information with regard to these user accounts, adding that the registered learners should change their passwords immediately. The edtech startup has a user base of 10,000 educators and over 13 million learners.

Cyble, which also reported the data breach involving teleconferencing platform Zoom, claims that the database has details of 21,909,709 Unacademy users.
Advertisement

See also:
Meet the Indian on Facebook's oversight board which will police content on Facebook and Instagram
{{}}