[BreachExchange] Ed-tech firm Vedantu’s data breach exposes personal data of 686k+ users: Report

Destry Winant destry at riskbasedsecurity.com
Mon Nov 4 10:12:56 EST 2019


https://www.medianama.com/2019/11/223-vedantu-data-breach/

Ed-tech company Vedantu faced a data breach on July 8, exposing the
personal data of about 686,899 users. Twitter account Have I Been
Pwned, a website which tracks and reports data breaches, first
reported this.

What all data was breached? Personal details including users’ email
and IP address, names, phone numbers, gender, passwords, spoken
languages, time zones, website activity, all of which were stored as
bcrypt hashes, were leaked, according to Have I Been Pwned.

Vedantu is aware of the breach: Vedantu was aware of the breach and is
in the process of informing its customers, Have I Been Pwned said.
Microsoft’s regional director, Troy Hunt, who manages Have I Been
Pwned, said on Twitter that Vedantu was also aware that its customers’
data was being exchanged online.

What Vedantu said: Vedantu, however, also said that sensitive details
of users were not leaked and since the details were stored in an
encrypted format, it wouldn’t be easy to misuse the data, according to
the Economic Times. The vulnerability was fixed within a few days, as
per the report. The ET report says that the breach took place in the
last week of September, but according to HIBP’s website, the date of
breach was July 8.


More information about the BreachExchange mailing list