Bengaluru-based online tutorial platform Vedantu has been accused of a massive data breach running onto 687,000 records. The allegation has been made on microblogging platform Twitter by Have I Been Pwned, a free data breach search and notification service that monitors security breaches and password leaks for users’ security.
New breach: Indian training site Vedantu had 687k records exposed in July. Exposed data includes IP and email addresses, names, phone numbers, genders and passwords stored as bcrypt hashes. 28% of addresses were already in @haveibeenpwned https://t.co/LGaAnj1hUA— Have I Been Pwned (@haveibeenpwned) November 1, 2019
According to its Twitter profile, Have I Been Pwned has around 86,0000 followers and tweeted about the Vedantu data breach today.
The tweet said that Vedantu was exposed in July, which included IP and email addresses, names, phone numbers, gender and passwords stored as bcrypt hashes.
Email queries to Vedantu’s founders did not elicit responses at the time of publishing this report.
Another tweet from a user called Troy Hunt alleged that the tutorial company knew about the breach and was aware about customer data was being exchanged online.
Just for the record, I managed to make contact with Vedantu a week ago. They were aware of the incident and advised they were contacting impacted customers. They were also aware their customer data was being exchanged online https://t.co/bguAcm3rh6— Troy Hunt (@troyhunt) November 1, 2019
Hunt’S Twitter profile claims he is the creator of @haveibeenpwned.
Earlier in August, Vedantu raised $42 million in a Series C round led by existing investor Tiger Global Management and new investor Westbridge Capital.