A database holding 22 million in user records for India-based online leaning site Unacademy has suffered a data breach. The data dump is said to contain contacts belonging to workers from a host of organizations including Wipro, Infosys, Cognizant, Google and Facebook, its investor.
According to Cyble, the US-based cyber intelligence firm that exposed the data breach, the cyber-attack by unknown cybercriminals saw the stolen records being posted for sale on the dark web. Reportedly, the user records include usernames, passwords, joining dates, last login dates, account statuses, email addresses, full names and related account profile details were being sold for $2,000 on the darknet platforms.
Millions of Users Affected
Unacademy, which was established in the year 2010, boasts of a large user base who benefit from the platform’s video tutorials and the more than 14,000 teaching instructors and more than 20 million registered virtual learners.
According to reports focusing on details of the data breach, it is believed that a majority of the Unacademy accounts were opened using workplace emails, an aspect that advanced the value of the stolen data to cybercriminals.
In this regard, it was easy for the hackers to separate registered Unacademy learners from the organizations mentioned in the beginning of this article. Certainly, in case these users used the same passwords in their Unacademy accounts as those on their workplace networks, this mistake may allow cybercriminals to target their corporate networks as well.
The Unacademy Co-founder and Chief Technology Officer (CTO) Hemesh Singh confirmed the data breach and intimated that only 11 million Unacademy users were targeted in the cyber-attack. However, according to the officer, the database of user records did not contain sensitive data such as financial credentials, location information and passwords.
Singh’s comments were captured in a media statement that intimated that the firm was closely monitoring the situation and discovered that only basic user information was affected. This relief is brought about by the fact that Unacademy uses strict encryption methods through the PBKDF2 algorithm with a SHA256 hash, an aspect that makes it exceedingly difficult for threat actors to access user passwords.
Further, according to the Unacademy CTO, the learning platform adheres to an OTP-based login system that creates an additional layer of security to its users. The Facebook-funded firm has said that it embarked on a thorough background check to address any potential security shortfalls in an effort to further bolster its system security.
Nonetheless, according to BleepingComputer, the cybercriminals have provided a rather conflicting statement concerning the data breach. The hackers have reported that they have succeeded in stealing much more information than the user database of basic information.
The threat actors have alleged that they have acquired the entire database, only that they opted to put up the user records up for sale on the dark web at this time.
This back-and-forth about the data breach may mean that the threat actors have caused more damage than Unacademy admits. In fact, the fact that the hackers seem to be holding back other user records may mean that the database has possibly more value than just stolen user records.
At this point, no one knows what the extra data includes.
What’s Next for Unacademy Users?
All registered Unacademy users should consider changing their passwords to the site. In case their Unacademy passwords are the same ones used to login to other platforms, users should change the passwords and adopt unique ones.
Users should also stay vigilant to the possibility of an emergence of phishing emails pretending to be from Unacademy.
Otherwise, users can visit Cyble’s ambibreached.com to verify whether their accounts were among the ones affected by the data breach.
You can join the discussion on Dread and Tape forum