What is a username on Unacademy
Unacademy suffered a serious data breach: 22 million records are sold on the dark web
Unacademy, a Facebook-backed India-based online learning platform, has suffered a serious data breach and it is because of this that some cyber criminals are now making money. We know this because researchers at Cyble, a cybersecurity company, recently noticed an ad in an underground marketplace selling a database that it claims contains 20 million Unacademy accounts. To add it to their AmIBreached.com security breach monitoring service, Cyble experts purchased the database and found that it actually contains a little under 22 million records. More surprising, however, was the price - only $ 2,000.
Securely hashed passwords lower the price
The wide availability of stolen information means that such databases are usually quite cheap. In this case, however, you can get close to 11,000 accounts on a single dollar, which is an amazingly low price. There is a good reason for this, however.
Cyble shared the database with reporters from Bleeping Computer, who confirmed that the passwords stored in the dump were hashed using SHA256 - a strong hashing algorithm. It will be very difficult to convert the hashes into clear text passwords, and it will likely take time for the crooks to be reluctant to invest. In addition, Hemesh Singh, CTO of the Unacademy, told Bleeping Computer that the platform has an "OTP-based login system" that is intended to further protect the affected users.
As a precaution, Unacademy users are still advised to change their passwords. However, it is fair to say that the database currently for sale on the dark internet is not an imminent threat to account takeover. However, this does not mean that the violation is insignificant.
Hackers can use the Unacademy data in a number of ways
In addition to the SHA256 hashes, each individual record contains the user's first and last name, username, email address, last login date, and the date the user's account was created. In other words, hackers with $ 2,000 left can still access a lot of useful information. The exposed data can form the basis of carefully crafted spear phishing attacks, which, given the positions some of the data subjects occupy, can have dire consequences.
According to Cyble, many users affected by the Unacademy breach had used their corporate email during registration. Some of them work for big tech companies like Facebook, Google, Infosys, Cognizant and Wipro. If their social engineering skills are good enough, the hackers can potentially trick victims into sharing information that offers an opportunity to compromise a large company's network.
Obviously, this is just a hypothesis at this point, and overall it is difficult to estimate how great the impact of the breach could be, especially given the unknowns that surround it.
There are some question marks surrounding the violation of the Unacademy
According to Hemesh Singh, the violation "affected around 11 million learners," but as mentioned earlier, the number of records in the database is almost twice as many. Unfortunately, Singh did not answer Bleeping Computer's follow-up questions about the discrepancy. Nor did he comment on the hackers' claims.
According to Singh, only "basic information" was revealed during the breach, but the alleged perpetrators told Cyble that the 22 million user records are only part of the data stolen. They say they got away with the "entire database" of the Unacademy, although it is obviously difficult to say how credible their claims are.
The Unacademy has launched an investigation that will hopefully confirm or deny these claims, and we hope the results will be publicly announced. In the meantime, Unacademy users must be aware of the dangers associated with the incident and act accordingly.
- Heal cuts better covered or uncovered
- How would I sell my 1 kidney
- How can I learn to make meat
- How do I refill the toner cartridge
- Which method is useful in youth rehabilitation
- Can your perception change your reality
- Can rust gold
- How does the step counter for iPhones work
- What are some examples of embedded programming
- What foods contain zinc
- What are antimicrobial drugs
- What is half of frac 20 2
- What are the best bars in Sardinia
- Habitual Noerglers are depressed
- What is a seam
- What is 33 1 1 1
- Why do people think Mr Robot is great
- What is it like to ski in Scandinavia?
- What are the best massively multiplayer games
- Republicans got upset after Obama won
- Hitler Germany was a democracy
- Should the UFC stop testing for steroids
- What is a facade doing in Laravel
- Is argon oil good for your hair?