The database of Unacademy, a popular online learning platform in India, was hacked in January, putting the information of about 22 million users at risk.
According to US-based cybersecurity firm Cybele, a hacker has ditched the database of Unacademy users to get information about users and started selling them on the Dark Web for $ 2,000 (about Rs. 1,51,800).
The database allegedly contains information on the first and last names of the users, the username of the account, the password with the hash, and the email ID.
Unacademy has confirmed this breach in a statement, although it has also been stated that it contains information on only 11 million i.e. 11 million users.
As reported by BleepingComputer, Cybele discovered the Unacademy database available for purchase on the Dark Web on 3 May.
This database contains records of a total of 2,19,09,707 users.
These records include not only the user’s username and email address information, but also the SHA-256 hashed password, information on the users’ first and last names, and whether the account is active.
It has also been reported that the last user’s account in this database has been created since January 26. This shows that the hacker stole this database from Unacademy’s system in January.
Along with the information of regular users, Cybele has also confirmed that this database also contains the information of the account using a corporate email ID.
The email IDs are reportedly owned by some other companies including Cognizant, Google, Infosys, and Wipro, and even include Facebook, Unacademy’s investor company.
One big fear is that if any affected user was using the same password on their workplace, which they used to sign in to this app, then the hacker could also get access to their professional account.
Hemesh Singh, co-founder, and CTO of Unacademy acknowledged this data breach in a statement to Gadgets 360.
However, he said that according to internal investigations, only 11 million (1,10,00,000) users were affected, rather than about 22 million users reported by Saibal.
If you are also an Unacademy user then take these steps immediately
If you also use the Unacademy platform, change your password immediately.
If you are using the same password in all your online accounts, then you need to change the passwords of other sites as well. Apart from this, you should also beware of phishing emails.