Security Researcher Claims Tech Glitch Exposed BYJU’S Students’ Data; Co Denies Leaks


SUMMARY

Misconfiguration in BYJU’S server exposed some students’ sensitive data, including their loan and payment details, according to security researcher Bob Diachenko

BYJU’S told Inc42 that the glitch happened for a short period of time and no data was compromised

The incident adds to the woes of BYJU’S, which has been plagued with multiple controversies pertaining to corporate governance, funding crunch, layoffs, among others

A security researcher has claimed that a technical glitch at BYJU’S exposed sensitive data of students, including their loan and payment details. However, the embattled edtech giant told Inc42 it was a temporary glitch and no data was compromised.

The glitch came to notice after security researcher Bob Diachenko posted on X (formerly Twitter) about it on August 23. “Byju’s, an education technology giant and India’s most valuable startup, exposed data of its customers via misconfigured service instance. While there is no response from the company, personal data of students, incl. loan and payment details along with other info, is at risk,” he said.

TechCrunch reported that names, addresses, phone numbers and email IDs of the students were also exposed.

However, BYJU’S said that no personal data was exposed. “There was a temporary exposure of a small fraction of our systems for a very short duration. Please note, no data or information was exposed or compromised during this event,” BYJU’S CTO Anil Goel said. 

“Our technical team has promptly resolved this issue as soon as it came to our notice. We would like to reiterate that all our systems have been built around safeguarding the privacy and security of our data,” Goel added.

Back in 2021, a similar case was reported with BYJU’S data that involved a security lapse and “this time it is much worse”, Diachenko’s post on X said. 

Diachenko told TechCrunch that several IP addresses hosted the misconfigured server, which allowed anyone to access the queue and read the students’ records without a password.

The company used the misconfigured Apache Kafka server to send and receive data in real time, he said. 

The misconfiguration was apparently fixed after the researcher’s post on X.

Earlier in 2020, personal data of 2.8 Lakh students and teachers enrolled on BYJU’S-owned WhiteHat Jr was reportedly exposed due to vulnerabilities in the company’s server.

Diachenko reportedly claimed 1 Mn-2 Mn records were accessible due to the latest issue at the startup.

BYJU’S Many Troubles

The incident adds to the woes of BYJU’S, which has been plagued with multiple controversies and issues pertaining to corporate governance, funding crunch, layoffs, delay in filing financial statements, and $1.2 Bn Term Loan B.

The beleaguered edtech decacorn also witnessed a major overhaul of its board and core team recently.

In June this year, three of its board members, including GV Ravishankar, MD of early-backer Peak XV Partners, resigned, along with representatives of Prosus and Chan Zuckerberg Initiative. 

BYJU’S former auditor Deloitte also quit its role, citing the delay in filing the financial statements for FY22.

The company’s SVP for international business, Cherian Thomas, left the company this month.

Meanwhile, the startup recently roped in former Infosys executive VP and HR head Richard Lobo as an exclusive advisor in an attempt to transform its HR function. BYJU’S has also hired former upGrad CEO Arjun Mohan as the CEO of its international business. 

The edtech company also appointed former SBI Chairperson Rajnish Kumar and ace investor TV Mohandas Pai as members of its advisory council in July.
