Facebook-funded Unacademy data hacked, claims cybersecurity firm
New Delhi, May 7: Facebook-funded education technology firm Unacademy's data comprising over 20 million accounts has been hacked by cybercriminals and put up for sale in the dark web, according to cybersecurity firm Cyble.
The hackers have claimed that they have access to the complete database of Unacademy and decided to leak only users' accounts at this point of time, Cyble said. The cyber intelligence firm added that further leaks are expected in the near future.
"On May 3, 2020, Cyble Inc discovered that a threat actor had begun to sell an Unacademy user database containing 20 million accounts for USD 2,000. Unacademy is India's largest online learning platform. This data breach apparently took place in January 2020," Cyble claimed.
When contacted, Unacademy co-founder and Chief Technology Officer Hemesh Singh said the company has been closely monitoring the situation and claimed that no sensitive information such as financial data or location has been breached.
"As per our internal investigations, e-mail data of around 11 million users has been compromised as against 22 million stated in reports. This is on account of only around 11 million e-mail data of users available on the Unacademy platform," Singh said.
He said the company is following stringent encryption methods and making it highly implausible for anyone to decrypt passwords.
"We also follow an OTP-based login system that provides an additional layer of security to our users. We are doing a complete background check and will be addressing any potential security loophole to further bolster our efforts of ensuring a far more robust security mechanism. We are in communication with our users to keep them updated on the progress," Singh said.
Facebook, General Atlantic, Sequoia India, Flipkart CEO Kalyan Krishnamurthy, and Nexus Venture Partners have invested in the company. According to Cyble, this breach can have an impact on security of other companies as well.
"Cybercriminals are always on the lookout for such breaches and utilise them for credential stuffing attacks. We have seen accounts/records with domain names from Infosys, TCS, Cognizant, Reliance Industries, HDFC, Accenture, ICICI, SBI, Canara Bank, Bank of Baroda, Punjab National Bank and several other large organisations," Cyble said.
-
Gold Silver Rate Today, 9 March 2026: City-Wise Prices, MCX Gold and Silver Ease Slightly After Rally -
Chinese Spy Ship Liaowang-1 Spotted Near Oman: Why Its Presence Near Oman Is Concerning For US Military -
Pune Gold Rate Today: Check Gold Prices For 18K, 22K, 24K in Pune -
Bangalore Gold Silver Rate Today, March 9, 2026: Gold and Silver Prices Fall as US Dollar Strengthens -
Who Is Nishant Kumar: Education, Personal Life and Possible Political Role -
Ind Vs NZ T20 World Cup Phalodi Satta Bazar Prediction: Know Who Will Win In India vs New Zealand Final -
Vijay-NDA Alliance On Cards? Pawan Kalyan Reportedly Reaches Out to TVK Chief -
Who Was Mojtaba Khamenei’s Wife Zahra Haddad-Adel and What Do We Know About Her? -
Trisha Hits Back at Parthiban: 'Crude Words Say More About the Speaker' -
India vs New Zealand T20 World Cup 2026 Final: Five Positive Signs Favouring India Before Title Clash -
IND vs NZ Final Live: When and Where to Watch India vs New Zealand T20 World Cup 2026 Title Clash -
Ind vs NZ T20 World Cup 2026: New Zealand Needs 256 Runs To Beat India And Win The World Cup
Click it and Unblock the Notifications
Sign in with Google