Online learning platform Unacademy has reportedly suffered a data breach, and the account details of its 22 million users have been put up for sale on the dark web.
The database includes users from companies like Wipro, Infosys, Cognizant, Google and even one of its investors, Facebook. Over 20 million accounts from the Unacademy database were put up for sale on the dark web for $2,000, reported Bleeping Computer, citing a cyber intelligence company Cyble.
The leaked information includes usernames, passwords, email IDs, last login, account status among other account details. The website contacted numerous Unacademy users and verified that the data being sold is authentic and contains accurate information.
Unacademy confirmed the breach but denied loss of any sensitive information.
“We have been closely monitoring the situation and can confirm that basic information related to around 11 million learners has been compromised. However, we would like to assure our learners that no sensitive information such as financial data, location or passwords has been breached,” Hemesh Singh, co-founder and CTO - Unacademy, told Bleeping Computer.
The company claims to use stringent account protection measures like PBKDF2 algorithm with a SHA256 hash, an OTP-based login system, etc. It also informed about a complete background check to address any potential security loophole.
“Data security and privacy of our learners is of utmost importance to us and we will be in communication with our learners to keep them updated on the progress,” the statement read.Unacademy users are advised to immediately change their account password. You can also check if your account was breached on amibreached.com. Further, beware of any targeted phishing emails that could pretend to be from Unacademy asking for account details or its verification.