2 Million Users of the E-Learning Platform Edureka Potentially Affected in Data Breach

A new data breach has been reported by security experts with SafetyDetectives. The breach in question affected the Edureka e-learning platform and potentially affected millions of users. Edureka is an Indian educational platform and the majority of the users are also Indian citizens.

Edureka has been around for nearly a decade now, founded in 2011 and steadily growing to become one of the Asian country's largest e-learning tools and marketplaces. The platform offers a wide range of courses and options for everyone, from high school students through university and postgraduate programs, delivered online. The security team that discovered the breach reported a "massive" volume of personal information becoming accessible during the breach, potentially affecting around 2 million different users and accounts.

The huge volume of personal data was stored without any sort of encryption or password protection on a web server. In other words, anyone who was able to somehow obtain the IP address of the exposed server could simply access all the sensitive personal information stored on it without any sort of hindrance, gating or protection. The exposed personal information stored on the server included users' real names, their e-mail addresses, platform activity logs and phone numbers.

The security researchers attempted contacting Edureka about the gaping security hole in their server and after failing to get any response from them escalated the issue with the country's Computer Emergency Response Team agency. Shortly after, the security issue was addressed.

Is There Anything You Can Do?

To think that anyone, anywhere in the world can store the personal information of their users and customers completely unprotected and not secured in any way, dumped in an exposed database on the web, is mind-boggling. This sort of thing should also serve as a reminder and a red flag to everyone.

No matter how good your password is and how well your home devices are protected, there is always the possibility of a service or platform being hacked or simply being extremely sloppy with the information you give them.

There is no meaningful way to counteract similar carelessness or successful hacking attacks, but the takeaway here would be to make sure you only provide the bare minimum of information required for any platform to make an account on it if you need to, as well as to run a brief security check-up on any new platforms and services you are interested in, looking for major security hiccups, leaks and breaches that took place in the past.

October 8, 2020

Leave a Reply