Security Researcher Claims Tech Glitch Exposed BYJU’S Students’ Data; Co Denies Leaks

Share via:

A security researcher has claimed that a technical glitch at BYJU’S exposed sensitive data of students, including their loan and payment details. However, the embattled edtech giant told Inc42 it was a temporary glitch and no data was compromised.

The glitch came to notice after security researcher Bob Diachenko posted on X (formerly Twitter) about it on August 23. “Byju’s, an education technology giant and India’s most valuable startup, exposed data of its customers via misconfigured service instance. While there is no response from the company, personal data of students, incl. loan and payment details along with other info, is at risk,” he said.

TechCrunch reported that names, addresses, phone numbers and email IDs of the students were also exposed.

However, BYJU’S said that no personal data was exposed. “There was a temporary exposure of a small fraction of our systems for a very short duration. Please note, no data or information was exposed or compromised during this event,” BYJU’S CTO Anil Goel said. 

“Our technical team has promptly resolved this issue as soon as it came to our notice. We would like to reiterate that all our systems have been built around safeguarding the privacy and security of our data,” Goel added.

Back in 2021, a similar case was reported with BYJU’S data that involved a security lapse and “this time it is much worse”, Diachenko’s post on X said. 

Diachenko told TechCrunch there were several IP addresses with the misconfigured server that enabled anyone to access the queue to read the students’ records without a password.

The company used the misconfigured Apache Kafka server to send and receive data in real time, he said. 

The misconfiguration was apparently fixed after the researcher’s post on X.

Earlier in 2020, personal data of 2.8 Lakh students and teachers enrolled on BYJU’S-owned WhiteHat Jr was reportedly exposed due to vulnerabilities in the company’s server.

Diachenko reportedly claimed 1 Mn-2 Mn records were accessible due to the latest issue at the startup.

BYJU’S Many Troubles

The incident adds to the woes of BYJU’S, which has been plagued with multiple controversies and issues pertaining to corporate governance, funding crunch, layoffs, delay in filing financial statements, and $1.2 Bn Term Loan B.

The beleaguered edtech decacorn also witnessed a major overhaul of its board and core team recently.

In June this year, three of its board members, including GV Ravishankar, MD of early-backer Peak XV Partners, resigned, along with representatives of Prosus and Chan Zuckerberg Initiative. 

BYJU’S former auditor Deloitte also quit from its role citing the delay in the filing the financial statements for FY22.

The company’s SVP for international business, Cherian Thomas, left the company this month.

Meanwhile, the startup recently roped in former Infosys executive VP and HR head Richard Lobo as an exclusive advisor in an attempt to transform its HR function. BYJU’S has also hired former upGrad CEO Arjun Mohan as the CEO of its international business. 

The edtech company also appointed former SBI Chairperson Rajnish Kumar and ace investor TV Mohandas Pai as members of its advisory council in July.

The post Security Researcher Claims Tech Glitch Exposed BYJU’S Students’ Data; Co Denies Leaks appeared first on Inc42 Media.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Security Researcher Claims Tech Glitch Exposed BYJU’S Students’ Data; Co Denies Leaks

A security researcher has claimed that a technical glitch at BYJU’S exposed sensitive data of students, including their loan and payment details. However, the embattled edtech giant told Inc42 it was a temporary glitch and no data was compromised.

The glitch came to notice after security researcher Bob Diachenko posted on X (formerly Twitter) about it on August 23. “Byju’s, an education technology giant and India’s most valuable startup, exposed data of its customers via misconfigured service instance. While there is no response from the company, personal data of students, incl. loan and payment details along with other info, is at risk,” he said.

TechCrunch reported that names, addresses, phone numbers and email IDs of the students were also exposed.

However, BYJU’S said that no personal data was exposed. “There was a temporary exposure of a small fraction of our systems for a very short duration. Please note, no data or information was exposed or compromised during this event,” BYJU’S CTO Anil Goel said. 

“Our technical team has promptly resolved this issue as soon as it came to our notice. We would like to reiterate that all our systems have been built around safeguarding the privacy and security of our data,” Goel added.

Back in 2021, a similar case was reported with BYJU’S data that involved a security lapse and “this time it is much worse”, Diachenko’s post on X said. 

Diachenko told TechCrunch there were several IP addresses with the misconfigured server that enabled anyone to access the queue to read the students’ records without a password.

The company used the misconfigured Apache Kafka server to send and receive data in real time, he said. 

The misconfiguration was apparently fixed after the researcher’s post on X.

Earlier in 2020, personal data of 2.8 Lakh students and teachers enrolled on BYJU’S-owned WhiteHat Jr was reportedly exposed due to vulnerabilities in the company’s server.

Diachenko reportedly claimed 1 Mn-2 Mn records were accessible due to the latest issue at the startup.

BYJU’S Many Troubles

The incident adds to the woes of BYJU’S, which has been plagued with multiple controversies and issues pertaining to corporate governance, funding crunch, layoffs, delay in filing financial statements, and $1.2 Bn Term Loan B.

The beleaguered edtech decacorn also witnessed a major overhaul of its board and core team recently.

In June this year, three of its board members, including GV Ravishankar, MD of early-backer Peak XV Partners, resigned, along with representatives of Prosus and Chan Zuckerberg Initiative. 

BYJU’S former auditor Deloitte also quit from its role citing the delay in the filing the financial statements for FY22.

The company’s SVP for international business, Cherian Thomas, left the company this month.

Meanwhile, the startup recently roped in former Infosys executive VP and HR head Richard Lobo as an exclusive advisor in an attempt to transform its HR function. BYJU’S has also hired former upGrad CEO Arjun Mohan as the CEO of its international business. 

The edtech company also appointed former SBI Chairperson Rajnish Kumar and ace investor TV Mohandas Pai as members of its advisory council in July.

The post Security Researcher Claims Tech Glitch Exposed BYJU’S Students’ Data; Co Denies Leaks appeared first on Inc42 Media.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

ICAI Says Probe Into Alleged Audit Lapses At BYJU’S...

SUMMARY ICAI president Ranjeet Kumar Agarwal has revealed that...

MobiKwik Shares Surge 12.5% To INR 549.80 

SUMMARY The broader benchmark indices showed recovery today with...

Ranjita Ghosh: Wipro elevates Ranjita Ghosh as new global...

Indian IT major Wipro on Monday announced the...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!