45 million affected by data leak at Indian e-learning platform Edureka

SafetyDetectives cybersecurity specialists have reported a data breach at Edureka, an online learning platform based in Bengaluru, India. The incident reportedly affected about 2 million users through a publicly exposed server; the operating company says that confidential user information was not compromised.

In their report, the specialists say they found more than 45 million exposed records, equivalent to about 24 GB; the records include full names, email addresses, and phone numbers. It should be noted that many of the records are duplicated. Other exposed details include login information and the courses that users accessed, among other data.

As in any similar incident, the exposed information could be used by threat actors in all kinds of malicious campaigns, either by selling it on hacking forums or by launching phishing attacks against affected users, the specialists say. Although the operating company says it is not possible to determine the exact number of affected users, the researchers say the database must have almost 2 million unique records.

In addition to the risk of phishing attacks, the nature of the compromised information would allow threat actors to commit identity fraud and banking fraud, and even to cause malware infections on the devices of affected users.

In this regard, Edureka co-founder and CEO Lovleen Bhatia said: “We have the strictest security policies and conduct security audits on a routine basis. Our cloud services are hosted on Amazon Web Services (AWS) servers, so we can assure you that your sensitive information is completely safe.”

Researchers first discovered faults in Edureka on August 1, while performing routine IP address checks. In compliance with established security protocols, SafetyDetectives attempted to contact Edureka on August 6. Upon receiving no response, the investigators notified the Indian Computer Emergency Response Team, and the exposed deployments were finally secured a couple of days later.