Unacademy Confirms Data Breach; Data of Nearly 22 Million Users Sold On Dark Web

Cyble, a cybersecurity intelligence firm, recently revealed that a hacker had begun to sell the user database of Unacademy, India’s largest online learning platform, containing over 20 million accounts for $2,000 (Rs 1,51,640).

Unacademy one of the India’s largest online learning platform that provides services to roughly 1.1 crore users around India, has confirmed a data breach.

Cyble, a cybersecurity intelligence firm, recently revealed that a hacker had begun to sell the user database of Unacademy, India’s largest online learning platform, containing over 20 million accounts for $2,000 (Rs 1,51,640).

The database reportedly includes usernames, hashed passwords, email addresses, and first and last names of users. Unacademy has confirmed the breach in a statement, though it has said that only 11 million users were affected.

It is reported that the last user account created in the database is from January 26. This suggests that the hacker was able to breach Unacademy’s systems sometime in January.

Given the scale of this breach, it’s anticipated to affect other organisations as well potentially. Cybercriminals are always on the lookout for such breaches and utilise them for credential stuffing attacks. We have seen accounts/records with domain names from Infosys, TCS, Cognizant, Reliance Industries, TCS, HDFC, Accenture, ICICI, SBI, Canara Bank, Bank of Baroda, Punjab National Bank and several other large organisations. We welcome concerned organisations to get in touch with us to learn more. Alternatively, the concerned organisations can also get some information from our data breach monitoring platform, AmIBreached.com