[BreachExchange] Online education site EduCBA discloses data breach after hack

[Destry Winant]

https://www.bleepingcomputer.com/news/security/online-education-site-educba-discloses-data-breach-after-hack/

Online education site EduCBA has started notifying customers that they
are resetting their passwords after suffering a data breach.

EduCBA is an online education site based out of India that offers over
2,500 online courses and job oriented learning programs focus on
finance, technology, and business to their 500,000 learners.

Yesterday, EduCBA began emailing data breach notifications to
customers stating that their systems were hacked and user data was
exposed.

The notification is a bit strange as it does not go into great detail
about what information was stolen and simply states, "email, name,
password, courses visited, etc may have been compromised."

BleepingComputer has emailed EduCBA to clarify what other information
is referenced by 'etc' but has not heard back as of yet.

They have stated that no financial information was accessed as they
use third-party processors such as PayPal and 2Checkout to process
payments.

As a precaution, EduCBA states that they have reset all user's passwords.

"Therefore, as a caution, we have invalidated passwords of all the
users. You may retrieve your password here," the data breach
notification reads.

A comment on twitter, though, states that the password for their
account was not reset.

If you have an account at EduCBA, you should immediately change your
password to a unique one only used at that site.

If your EduCBA password was used at other sites, it is strongly
advised that you change the passwords at these sites to a strong and
unique one as well.