[Updated] Unacademy, India’s Largest Learning Platform Has Been Breached by Professional Hackers

With around $200 million of funding amount, Unacademy which is India’s largest education platform based in Bangalore is changing the way to learn. In a span of 6 months, over 300,000 students have benefited from over 2,400 online lessons and specialized courses on cracking various competitive examinations, on our platform. They have onboard some of the top educators in the country. They originally started as a YouTube channel in 2010 by Gaurav Munjal. As a company, it was founded by Roman Saini, Gaurav Munjal, Hemesh Singh in 2015, and is headquartered in Bangalore. The company has a network of over 12,000 educators and offers preparation material for several professional and educational entrance exams. Unacademy lessons are in the form of free videos, and via subscription. 

As per one of the financial reports, Unacademy expects to earn annual revenue of around $300 million in the coming years. Big enterprises such as this should start emphasizing on their installed security mechanisms. For which the Cyble not only holds the largest data breach monitoring search engine – amibreached.com that holds over 40 billion darkweb records, but has also come up with the vision to provide services which include enabling faster detection of cyber threats via Cyble Vision and providing clear visibility to third-party cyber threats and risks via their Third-Party Cyber Risk Intelligence Platform.

The fast-growing cybersecurity intelligence firm Cyble identified and disclosed another major data breach. On May 3rd, 2020, Cyble Inc. discovered that a threat actor had begun to sell an Unacademy user database containing 20 million accounts for $2,000. Unacademy is India’s largest online learning platform. This data breach apparently took place in Jan 2020, and the perpetrator alleged that they have access to their entire database. However, they decided to only leak users account at this point in time, further leaks are expected in the near future. Below is the snapshot of the Unacademy accounts being posted for sale on darkweb.

Cyble has also acquired the leaked database which approximately contains 22 million (21,909,709) Unacademy’s user account details. Following fields are available on the leaked data:

  • ID
  • Encrypted password
  • username
  • Email address
  • First Name
  • Last Name
  • Date Joined
  • Last Login
  • Is_Staff
  • Is_Active
  • Is_superuser

At this point, Cyble is unable to confirm who else might have access to this data. The threat actor also mentioned to Cyble researchers that the group is currently selling the user accounts only. They also claimed to have access to the entire databases of Unacademy, which might be in the darkweb market soon. Cyble team is continually monitoring the situation for any key developments.

Given the scale of this breach, it’s anticipated to affect other organisations as well potentially. Cybercriminals are always on the lookout for such breaches and utilise them for credential stuffing attacks. We have seen accounts/records with domain names from Infosys, TCS, Cognizant, Reliance Industries, TCS, HDFC, Accenture, ICICI, SBI, Canara Bank, Bank of Baroda, Punjab National Bank and several other large organisations. We welcome concerned organisations to get in touch with us to learn more. Alternatively, the concerned organisations can also get some information from our data breach monitoring platform, AmIBreached.com

We advise users to:

  • Change their Unacademy passwords immediately. 
  • Change passwords of any other account with a similar password pattern.
  • Implement multi-factor authentication where possible
  • Avoid using their corporate email addresses on third party services where possible
  • Closely monitor their financial transactions records to detect any anomalies
  • We also encourage people to register on amibreached.com and our social media channels (blog) to gain new information/updates regarding this attack, and many others we are tracking actively. 

Below is the snapshot of some of the user accounts details being leaked via this data breach attack-:

Image preview

Update: On May 8, 2020, hackers have just released more data of the Unacademy for sale on the dark web market. On this instance, they leaked four SQL files which include Unacademy user’s data, Unacademy profiles data, Unacademy IP details, and Unacademy online quizzes questions and answers as shown below in the snapshot-:

About Cyble:

Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution powered by machine learning and human analysis provides organizations’ insights to cyber threats introduced by suppliers and enables them to respond to them faster and more efficiently.

Cyble strives to be a reliable partner/facilitator to its clients allowing them with unprecedented security scoring of suppliers through cyber intelligence sourced from open and closed channels such as OSINT, the dark web and deep web monitoring and passive scanning of internet presence. Furthermore, the intelligence clubbed with machine learning capabilities fused with human analysis also allows clients to gain real-time cyber threat intel and help build better and stronger resilience to cyber breaches and hacks. Due to the nature of the collected data, the company also offer threat intelligence capabilities out-of-box to their subscribers.

Comments are closed.

Scroll to Top