Popular online educational platform Unacademy, with a user base of 14,000 teachers, a million video lessons, and 20 million registered learners is hacked. Database including usernames, emails addresses, passwords, date joined, last login date, first and last names, account profile and account status of around 22million users of Unacademy were put up for sale on darkweb for $2000.
Reports state, Unacademy suffered a breach in January after which the database, with the contacts of employees of Wipro, Infosys, Cognizant, Google and Facebook, were put up for sale on May 3.
In a statement, Hemesh Singh, Co- Founder and CTO, Unacademy said, “As per our internal investigations, email data of around 11 million users has been compromised as against 22 million stated in reports. This is on account of only around 11 million email data of users available on the Unacademy platform. We have been closely monitoring the situation and would like to assure our users that no sensitive information such as financial data or location has been breached. Data security and privacy protection of our users is of utmost importance to us and we are doing everything possible, to ensure no personal information is compromised. We follow stringent encryption methods using the PBKDF2 algorithm with a SHA256 hash, making it highly implausible for anyone to decrypt passwords. We also follow an OTP based login system that provides an additional layer of security to our users. “
The security firm Cyble, however warned that the hackers are only putting up the user records up for sale at this time and may have access to more information. Also recommended registered Unacademy learners and educators to immediately change their passwords on the site.
Adcy.io further reiterates, change account password immediately, use unique, complex and strong password, avoid using same password for all services used, enable 2 factor authentication to stay protected.