Edureka Suffers Server Breach, Data Of 2 Mn Users Exposed


Indian edtech platform Edureka is reported to have suffered a server breach which compromised data of more than 2 Mn users

The data breach, investigated and reported by SafetyDetectives, is said to have compromised users’ names, addresses and contact details

Just last month, SafetyDetectives had reported on a similar breach of the production server of RailYatri

Indian edtech platform Edureka has suffered a significant data breach, one that left names, addresses and phone numbers of more than 2 Mn users unprotected for over a week.  

Cybersecurity experts working with SafetyDetectives, an antivirus review website, first discovered the vulnerability on August 1, and following their protocol, contacted Edureka on August 6 to inform them about the same. Failing to receive a response, the team contacted the Indian Computer Emergency Response Team (CERT-In), India’s nodal authority for cybersecurity, on August 13. Subsequently, the server was secured. 

The SafetyDetectices report mentions that the vulnerability was with Edureka’s US-based Elasticsearch server which was left unsecured, without password protection. The SafetyDetectices security research team, led by Anurag Sen is said to have found 25 gigabytes of data, containing more than 45 Mn breached records of personal data. Since some of the records were duplicated, the number of users affected by the data breach is conservatively estimated to be around 2 Mn, with most of them in India and a handful in other countries such as the US as well.

In its response to Mint, Edureka confirmed that the server breach had occurred, but denied that any personal information of users was compromised. 

The Bengaluru-headquartered Edureka, founded in 2011 by Lovleen Bhatia, is an online learning platform which offers short term as well as degree-level courses in collaboration with educational institutes. The company’s server is hosted by Amazon Web Services.

The SafetyDetectives report on the Edureka server breach mentions that instances, where bytes of personal information are leaked together, can severely impact affected users as it allows malicious hackers to launch more sophisticated attacks targeted at individuals. 

Last month, SafetyDetectives had reported a similar breach of the production server of RailYatri, an Indian government-sanctioned travel marketplace. The breach was said to have left the personal data of 7 lakh users, including names, contact numbers, email addresses and payment cards information exposed. 

India Remains Vulnerable To Cyber Attacks

On September 22, the Ministry of Electronics and Information Technology (MeITY) told the Parliament that Indian citizens, commercial and legal entities faced almost 7 lakh cyberattacks till August this year.

The Indian Computer Emergency Response Team (CERT-In) has “reported 49,455, 50,362, 53,117, 208,456, 394,499 and 696,938 cybersecurity incidents during the year 2015, 2016, 2017, 2018, 2019 and 2020 (till August) respectively,” the MeITY said while responding to an unstarred question in the Lok Sabha regarding cyberattacks on Indian citizens and India-based commercial and legal entities.

According to an Inc42 report from January this year, government data shows that in 2019 alone, India witnessed 3.94 lakh instances of cybersecurity breaches. In terms of hacking of state and central government websites, Indian Computer Emergency Response Team (CERT-In) data shows that a total of 336 websites belonging to central ministries, departments and state governments were hacked between 2017 and 2019. 

According to Nasscom’s Data Security Council of India (DSCI) report 2019, India witnessed the second-highest number of cyberattacks in the world between 2016 and 2018. This comes at a time when digitisation of the Indian economy is predicted to result in a $435 Bn opportunity by 2025.

In a bid to control the growing incidents of cybercrime in the country, the government, in February this year, set up a National Cyber Research, Innovation and Capacity Building Centre in Hyderabad, Telangana. 





Source link

Recent articles

US claims Iranian hackers accessed voter information | United States

Iranian officials have denied hacking claims, saying it makes no difference to them whether Trump or Biden wins.United States officials said late Friday...

Europe Risks a New Economic Downturn as Lockdowns Return

“We are completely reliant on the development of the virus,” said Sylvain Broyer, chief economist at S&P Global Ratings in Europe.The volatile growth...

Hunt or Be Hunted in “A Wolf or Other,” Now Available on Roblox for Xbox One

Halloween is right around the corner, and as luck would have it, another full moon. What better way to celebrate this...

Apple will replace AirPods Pro for free with faulty noise cancellation, static or crackling

Today, exactly one year after Apple first launched the AirPods Pro — and thus the same day the very first AirPods...

El Al chief Usishkin to step down in January | News

Israeli flag-carrier El Al’s chief executive, Gonen Usishkin, is to step down from his position in January next year, three months after a...

Crippling Cyberattacks, Disinformation Top Concerns for Election Day

Cyber-researchers weigh in on what concerns them the most as the U.S. heads into the final weekend before the presidential election -- and...

Leave a reply

Please enter your comment!
Please enter your name here