A hacker has struck Unacademy, a popular online learning platform in India and put around 2.2 crore users’ data on the dark web for sale for $2000.
Cyble, a US-based cybersecurity firm discovered the breach of the Bangalore-based learning portal and stated that the hacker obtained the data back in January, compromising a total of 2,19,09,707 user records.
However, Unacademy has issued a statement confirming the breach, but maintained that only 11 million users were affected.
BleepingComputer, an information security and technology news publication, reported that the accounts using corporate email addresses are also a part of the exposed database.
The last user account created in the database is from January 26 which suggests that the hacker was able to breach Unacademy's systems sometime in January.
In a statement to Gadgets 360, Unacademy co-founder and CTO Hemesh Singh acknowledged the data breach, though he stated that only 11 million users were affected as per internal investigations — not the nearly 22 million number reported by Cyble.
However, BleepingComputer claimed that it was able to see hashed passwords amongst the records available in the exposed database. There are reports that suggest the hacker is in possession of ‘additional data’ as well, apart from the one’s revealed already.
