Edtech Startup Edureka Suffers Server Breach, Data Of 2 Mn Users Exposed

Edtech Startup Edureka Suffers Server Breach, Data Of 2 Mn Users Exposed


Indian edtech platform Edureka is reported to have suffered a server breach which compromised data of more than 2 Mn users

The data breach, investigated and reported by SafetyDetectives, is said to have compromised users’ names, addresses and contact details

Just last month, SafetyDetectives had reported on a similar breach of the production server of RailYatri

Indian edtech platform Edureka has suffered a significant data breach, one that left names, addresses and phone numbers of more than 2 Mn users unprotected for over a week.  

Cybersecurity experts working with SafetyDetectives, an antivirus review website, first discovered the vulnerability on August 1, and following their protocol, contacted Edureka on August 6 to inform them about the same. Failing to receive a response, the team contacted the Indian Computer Emergency Response Team (CERT-In), India’s nodal authority for cybersecurity, on August 13. Subsequently, the server was secured. 

The SafetyDetectices report mentions that the vulnerability was with Edureka’s US-based Elasticsearch server which was left unsecured, without password protection. The SafetyDetectices security research team, led by Anurag Sen is said to have found 25 gigabytes of data, containing more than 45 Mn breached records of personal data. Since some of the records were duplicated, the number of users affected by the data breach is conservatively estimated to be around 2 Mn, with most of them in India and a handful in other countries such as the US as well.

In its response to Mint, Edureka confirmed that the server breach had occurred, but denied that any personal information of users was compromised. 

The Bengaluru-headquartered Edureka, founded in 2011 by Lovleen Bhatia, is an online learning platform which offers short term as well as degree-level courses in collaboration with educational institutes. The company’s server is hosted by Amazon Web Services.

The SafetyDetectives report on the Edureka server breach mentions that instances, where bytes of personal information are leaked together, can severely impact affected users as it allows malicious hackers to launch more sophisticated attacks targeted at individuals. 

Last month, SafetyDetectives had reported a similar breach of the production server of RailYatri, an Indian government-sanctioned travel marketplace. The breach was said to have left the personal data of 7 lakh users, including names, contact numbers, email addresses and payment cards information exposed. 

India Remains Vulnerable To Cyber Attacks

On September 22, the Ministry of Electronics and Information Technology (MeITY) told the Parliament that Indian citizens, commercial and legal entities faced almost 7 lakh cyberattacks till August this year.

The Indian Computer Emergency Response Team (CERT-In) has “reported 49,455, 50,362, 53,117, 208,456, 394,499 and 696,938 cybersecurity incidents during the year 2015, 2016, 2017, 2018, 2019 and 2020 (till August) respectively,” the MeITY said while responding to an unstarred question in the Lok Sabha regarding cyberattacks on Indian citizens and India-based commercial and legal entities.

According to an Inc42 report from January this year, government data shows that in 2019 alone, India witnessed 3.94 lakh instances of cybersecurity breaches. In terms of hacking of state and central government websites, Indian Computer Emergency Response Team (CERT-In) data shows that a total of 336 websites belonging to central ministries, departments and state governments were hacked between 2017 and 2019. 

According to Nasscom’s Data Security Council of India (DSCI) report 2019, India witnessed the second-highest number of cyberattacks in the world between 2016 and 2018. This comes at a time when digitisation of the Indian economy is predicted to result in a $435 Bn opportunity by 2025.

In a bid to control the growing incidents of cybercrime in the country, the government, in February this year, set up a National Cyber Research, Innovation and Capacity Building Centre in Hyderabad, Telangana. 

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

Unlock 60% OFF
Cancel Anytime
Unlock 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Edtech Startup Edureka Suffers Server Breach, Data Of 2 Mn Users Exposed-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Edtech Startup Edureka Suffers Server Breach, Data Of 2 Mn Users Exposed-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Edtech Startup Edureka Suffers Server Breach, Data Of 2 Mn Users Exposed-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Edtech Startup Edureka Suffers Server Breach, Data Of 2 Mn Users Exposed-Inc42 Media
Edtech Startup Edureka Suffers Server Breach, Data Of 2 Mn Users Exposed-Inc42 Media
You’re in Good company