BreachExchange mailing list archives
Ed-tech firm Vedantu’s data breach exposes personal data of 686k+ users: Report
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 4 Nov 2019 09:12:56 -0600
https://www.medianama.com/2019/11/223-vedantu-data-breach/ Ed-tech company Vedantu faced a data breach on July 8, exposing the personal data of about 686,899 users. Twitter account Have I Been Pwned, a website which tracks and reports data breaches, first reported this. What all data was breached? Personal details including users’ email and IP address, names, phone numbers, gender, passwords, spoken languages, time zones, website activity, all of which were stored as bcrypt hashes, were leaked, according to Have I Been Pwned. Vedantu is aware of the breach: Vedantu was aware of the breach and is in the process of informing its customers, Have I Been Pwned said. Microsoft’s regional director, Troy Hunt, who manages Have I Been Pwned, said on Twitter that Vedantu was also aware that its customers’ data was being exchanged online. What Vedantu said: Vedantu, however, also said that sensitive details of users were not leaked and since the details were stored in an encrypted format, it wouldn’t be easy to misuse the data, according to the Economic Times. The vulnerability was fixed within a few days, as per the report. The ET report says that the breach took place in the last week of September, but according to HIBP’s website, the date of breach was July 8. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Ed-tech firm Vedantu’s data breach exposes personal data of 686k+ users: Report Destry Winant (Nov 04)