Byju’s exposed sensitive student data, including loan details
Reading Time: 2 minutesByju’s, the edtech giant and India’s most valuable startup, has fixed a server-side misconfiguration that was exposing sensitive data of its students.
The Indian startup exposed some students’ names, phone numbers, addresses and email IDs. The exposed data also included loan details such as payouts, links to scanned documents and transactional information related to some students.
The data was first found to be exposed on August 15, according to Shodan, a search engine for exposed devices and databases.
While the exact number of students whose data was exposed is unclear, Diachenko said one to two million records were accessible due to the issue.
Diachenko reported the issue to Byju’s directly on August 22. The misconfiguration was fixed soon after the researcher posted its details on X, the platform formerly known as Twitter, a day later.
‘There was a temporary exposure of a small fraction of our systems for a very short duration,’ said Anil Goel, Byju’s chief technology officer, in a prepared statement. ‘Our technical team has promptly resolved this issue as soon as it came to our notice. We would like to reiterate that all our systems have been built around safeguarding the privacy and security of our data.’
Byju’s did not confirm the exact number of students affected and did not respond to a question regarding whether the company had notified students of the lapse. Byju’s also would not say if it had the technical means to determine what data, if any, was accessed, and by whom.
Unlike the previous exposure due to the misconfiguration in a Salesken.ai server, the latest issue specifically affects Byju’s infrastructure.
The data exposure added to the woes of Byju’s, a Bengaluru-based startup valued at $22 billion, which is currently grappling with multiple challenges.
The startup’s three key investors — Peak XV Partners (erstwhile Sequoia Capital India & SEA), Prosus and Chan Zuckerberg Initiative — quit its board in June, a year after it attracted global scrutiny over delaying financial reporting. Prosus, one of the largest investors in Byju’s, said on its exit from board that its reporting and governance structures ‘did not evolve sufficiently for a company of that scale.’ The investment firm also slashed the valuation of the edtech startup to $5.1 billion in June from the $6 billion it had valued until November.
Earlier this year, Deloitte also made an early exit from Byju’s as its auditor for long delaying its financial statements.
Additionally, the startup has continued to lay off employees, including up to 1,000 people in June, to reduce costs.
Moreover, Byju’s saw searches from the Indian anti-money laundering agency at its offices, and reportedly a probe by the country’s corporate affairs ministry and tensions with its lenders on a $1.2 billion term loan — all at the time it was looking to raise more capital after a $250 million round in May.
Reference: https://techcrunch.com/2023/08/25/byjus-student-data-exposed/
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG