Vedantu Confirms Hack That Compromised Data Of 687K Users

The mismatch between the growth in the data economy and poor security infrastructure has led to several cybersecurity incidents recently. Bengaluru-based edtech startup Vedantu has confirmed that it faced a data breach in the last week of September. Data of 687K Vedantu customers were put at risk as the data breach allegedly exposed customer details including email and IP addresses and names.

“According to our preliminary analysis, some records of 687K user accounts have been hacked and breached (10% of total user accounts). Some of the user account information have been compromised owing to this,” Vedantu cofounder and CEO Vamsi Krishna told Inc42.

However, the company added that no user accounts have been compromised as all the passwords are encrypted. “While our strong IT security system ensures that user passwords were not at all compromised, as a security measure we have still sent proactive emails to our users urging them to change their passwords. We also want to reassure everyone here that no other secured user information/data (including payment-related information) have been compromised,” Krishna added.

While Vedantu said that multiple changes are being made to the security infrastructure to prevent any such untoward incidents in the future, the data breach once again raises questions about cybersecurity in India.

Need For An Effective Cybersecurity Policy

On October 28, 2019, media reports said that almost 1.3 Mn debit and credit card details had been put up for sale on a website called Joker’s Stash. The database had details from various issuing banks and 98% of the leaked data belongs to Indian customers. The data was on sale on the dark web allegedly causing losses worth millions of dollars.

In a report, Singapore-based cybersecurity company Group-IB that specialises in preventing cyber attacks, revealed that each card detail was being sold for $100, which brought the total value to at least $130 Mn.

A day after the report, the Reserve Bank of India told banks to perform a preliminary analysis of the leaked card information online. “On finding leaked data to be correct and genuine, disable and reissue the credit and debit cards as per the bank’s policy. Monitor credit/debit transaction for the detection of frauds and misuses. Sensitise customers to use credit/debit cards in a secured manner in all modes of transactions line online, point of sale etc,” the RBI notice said.

An increasing number of cyber attacks have led to an increasing number of companies going for cybersecurity insurance policies.

A clear policy is the need of the hour, especially in India, which saw the second-highest number of cyber attacks between 2016 and 2018, according to a Data Security Council of India (DSCI) report this year. The Indian government announced in August that it would unveil an official cybersecurity strategy policy by January 2020.

With 5G and other rapid technological advancements, the policy would need to focus on new kinds of malware and IoT security as well. The government said that the most important requirement for internet security is increased effective coordination between ministries that are overseeing critical infrastructure assets and public-private partnerships.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.