Mumbai: Data users on Indian e-learning platform Edureka were publicly exposed without password protection according to a team of security experts at SafetyDetectives on Wednesday who announced the discovery of a massive data breach impacting up to 2 million users.
Led by Anurag Sen, the SafetyDetectives security research team discovered a massive amount of highly sensitive personal information, belonging to up to 2 million Edureka users, publicly exposed and without password protection.
This meant that mere knowledge of the server’s IP address provided access to the entirety of this sensitive database containing user names, email addresses, phone numbers, login activity records, and miscellaneous auth token information on Amazon servers hosted in the US.
Edureka is a premier e-learning platform and online education marketplace co-founded in 2011 by Lovleen Bhatia. It offers online education programmes including higher education courses, masters and postgraduate courses from Indian universities, using a combination of live and recorded instructor-led programmes to working professionals seeking digitally powered skills enhancement.