ADVERTISEMENT

Tiger Global-backed tutorial platform Vedantu accused of massive data breach

Tiger Global-backed tutorial platform Vedantu accused of massive data breach
Right to left: Vamsi Krishna, CEO & co-founder, Anand Prakash, co-founder and Pulkit Jain, co-founder and product head, Vedantu

Bengaluru-based online tutorial platform Vedantu has been accused of a massive data breach running into 687,000 records. The allegation has been made on microblogging platform Twitter by Have I Been Pwned, a free data breach search and notification service that monitors security breaches and password leaks for users’ security. Vedantu confirmed the breach to TechCircle, adding that the breach had affected 10% of its overall user accounts.

According to its Twitter profile, Have I Been Pwned has around 86,0000 followers and tweeted about the Vedantu data breach today.

The tweet said that Vedantu was exposed in July, which included IP and email addresses, names, phone numbers, gender and passwords stored as bcrypt hashes.

Confirming the breach, the company told TechCircle in an emailed response, "Yes, Vedantu has been subject to a hacker attack. According to our preliminary analysis, some records of 687,000 user accounts have been hacked and breached (10% of total user accounts). Some of the user account information have been compromised owing to this. However, no user accounts have been compromised because all our passwords are encrypted. While our strong IT security system ensures that user passwords were not at all compromised, as a security measure we have still sent proactive emails to our users urging them to change their passwords. We also want to re assure everyone here that no other secured user information/data (including payment related information) have been compromised.”

The statement further said, "“We are always entitled to protect our customer data and hence multiple changes are being inducted in our security infrastructure to prevent any such untoward incidents in the future.”

Another tweet from a user called Troy Hunt alleged that the tutorial company knew about the breach and was aware about customer data was being exchanged online.

Hunt’s Twitter profile claims he is the creator of @haveibeenpwned.

Earlier in August, Vedantu raised $42 million in a Series C round led by existing investor Tiger Global Management and new investor Westbridge Capital.

Share this Post

Comment(s)

ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT