The entire user database of Unacademy has been leaked by a hacker and is currently up for sale on the Dark Web. As per the listing on the Dark Web, the database contains information of 2.2 crore registered people and is priced at $2000 or INR 150,000.
The data breach occurred back in January this year. Unacademy is one of India’s biggest online learning portal backed by Facebook. It was started by three individuals Roman Saini, Gaurav Munjal, and Hemesh Singh in 2015.
Gaurav Munjal, CEO, and Co-founder of Unacademy tweeted the same on his official Twitter handle.
We recently found out that some data pertaining to our users’ basic credentials was compromised. We are monitoring the situation closely and would like to assure you that no sensitive information such as financial data or location has been breached.
— Gaurav Munjal (@gauravmunjal) May 7, 2020
The data breach was first spotted by Cyble, a cybersecurity firm. As per the report, personal details like Name, Email, Joined Date, Password in hashed form, etc are found in the file.
These are the fields that are found in the leaked file:
- ID
- Encrypted password
- username
- Email address
- First Name
- Last Name
- Date Joined
- Last Login
- Is_Staff
- Is_Active
- Is_superuse
The password in the database is encrypted with SHA-256 hash and not in plain-text form. It is pretty strong and the passwords are not exposed yet. What’s more interesting is that the leaked details contain users with a corporate email address from companies like Google, Wipro, Facebook, Infosys, etc. If these users are using the same login credentials for professional use, their accounts might be at risk.
All Unacademy users are advised to change their login credentials as soon as possible. As per the officials, only data of 1.1 crore users are leaked but the dark web listing tells it contains data of 2.2 crore users, which is the entire number of users on the Unacademy platform.
He also further confirmed that no sensitive or financial data or location has been breached. If you use Unacademy, change the password as soon as possible. Also, be sure to change the password on other websites or services if you are using the same login credentials.
