(Updated) Hacker sells 22 million Unacademy user records after data breach; Unacademy confirms 11 million compromised
Lawrence Abrams reports:
Online learning platform Unacademy has suffered a data breach after a hacker gained access to their database and started selling the account information for close to 22 million users.
Unacademy is one of India’s largest online learning platforms boasting 14K teachers, over a million video lessons, and over 20 million registered users (learners).
Read more on BleepingComputer.
Update: Following publication of this post, Unacademy contacted DataBreaches.net to request we include this statement from them:
Hemesh Singh, Co- Founder and CTO, Unacademy said, “We have been closely monitoring the situation and can confirm that basic information related to around 11 million learners has been compromised. However, we would like to assure our learners that no sensitive information such as financial data, location or passwords has been breached. We follow stringent encryption methods using the PBKDF2 algorithm with a SHA256 hash, making it highly implausible for anyone to access the learner passwords. We also follow an OTP based login system that provides an additional layer of security to our learners. We are doing a complete background check and will be addressing any potential security loophole to further our efforts of ensuring a robust security mechanism. Data security and privacy of our learners is of utmost importance to us and we will be in communication with our learners to keep them updated on the progress.”