India’s Byju’s Leaked Students PII Due to Server Misconfiguration

Byju’s, India’s leading ed-tech startup, publicly exposed the data of some of its students for a week before patching the server-side misconfiguration.

The exposed details include students’ names, phone numbers, email addresses and other PII. While Byju’s didn’t disclose how many students were impacted by this incident, Bob Diachenko, the security researcher who found this leak, estimated the leaked records to be between 1 and 2 million.

Byju’s Leaking Student Database

India’s leading tech startup, Byju’s, has reportedly exposed some of its students’ PII this week due to a misconfigured server. Bob Diachenko, a security researcher, first spotted the exposure on August 15th via Shodan.

Talking to TechCrunch, Diachenko said the leak was due to a misconfigured Apache Kafka server that Byju’s used to send and receive data in real time. Anyone with the server’s IP addresses could read the records without a password, the researcher said.

https://twitter.com/MayhemDayOne/status/1694311872827208160

The exposure was reported to Byju’s on August 22nd, and the company patched it immediately. Even so, the exposed details remained accessible for a week, leaking the students’ names, phone numbers, addresses and email IDs. The dump also contains student loan details like payouts, links to scanned documents and transactional information.

Though Byju’s fixed the server, it didn’t say how many students were affected by this exposure, whether it had notified students of this lapse, or whether it had the technical means to determine what data, if any, was accessed and by whom.

All these questions from TechCrunch went unanswered, but the company claimed that “no data or information was exposed or compromised” during the week-long exposure. Diachenko estimated that the leaked data may contain anywhere between one and two million records.

This was the second cybersecurity incident concerning Byju’s, after the company’s subsidiary WhiteHat Jr. suffered a similar data breach in 2021, in which its third-party service provider, Salesken.ai, exposed students’ data.
