Data of around 22 million people who use Bengaluru-based edu tech start-up Unacademy’s services was leaked and put up for sale on the dark web, cybersecurity intelligence firm Cyble has said.
The data includes user names, passwords, joining date for the programme, last login date, email addresses, and if the user is a staff member or a super-user, said US-based Cyble.
Unacademy, which is backed by Facebook, said its internal investigation had found e-mail data of around 11 million users was compromised and not the number stated in reports. "This is because we have only around 11 million email data of users available on the Unacademy platform," said Hemesh Singh, co-Founder, and chief technology officer of the company.
Cyble claimed the leaked email data related to users from Wipro, Infosys, Cognizant, Google, Facebook and other companies. It said the breach likely happened in January following and data was put on sale as recently as May 3 for $2000.
“We have been closely monitoring the situation and would like to assure our users that no sensitive information such as financial data or location has been breached. Data security and privacy protection of our users is of utmost importance to us and we are doing everything possible, to ensure no personal information is compromised,” said Singh.
The company said it is addressing any potential security loopholes. “We are in communication with our users to keep them updated on the progress,” said Singh.
Founded by Gaurav Munjal, Roman Saini, and Hemesh Singh, in 2015, Unacademy is one of the country’s leading Edu-tech startups with backing from marquee investors including Facebook, General Atlantic, Sequoia India, and Blume Ventures. Unacademy raised $110 million in February 2020 in funding, which according to sources had valued the company between $400-500 million.