The firm recommended that registered Unacademy learners and educators immediately change their passwords on the site.

According to Cyble, the hackers are only putting up the user records up for sale at this time and may have access to more information.

A database of around 22 million users of Unacademy with contacts of employees of Wipro, Infosys, Cognizant, Google and its investor Facebook is up for sale on the darkweb, according to US-based security firm Cyble. The company had suffered a breach in January following which contacts were put up for sale as recently as May 3 for $2000, the firm said.

According to Cyble the database includes usernames, email addresses, passwords, date joined, last login date, first and last names, account profile, and account status (whether the account is active).

Hemesh Singh, Co-Founder and CTO, Unacademy in a statement to ET said, “As per our internal investigations, email data of around 11 million users has been compromised as against 22 million stated in reports. This is on account of only around 11 million email data of users available on the Unacademy platform.

We have been closely monitoring the situation and would like to assure our users that no sensitive information such as financial data or location has been breached. Data security and privacy protection of our users is of utmost importance to us and we are doing everything possible, to ensure no personal information is compromised. We follow stringent encryption methods using the PBKDF2 algorithm with a SHA256 hash, making it highly implausible for anyone to decrypt passwords.

We also follow an OTP based login system that provides an additional layer of security to our users. “

Unacademy recently raised a Series F round of funding of $110 million. Key investors in the firm include Facebook, General Atlantic, and Sequoia.

According to Cyble, the hackers are only putting up the user records up for sale at this time and may have access to more information. The firm recommended that registered Unacademy learners and educators immediately change their passwords on the site.

Article Source