Vulnerability exposed Edureka user data, in excess of 25 GB, and contained more than 45 million records including email addresses, full names and phone numbers
A team of security experts at SafetyDetectives announced the discovery of a massive data breach at Indian e-learning platform Edureka, impacting up to 2 million users, with almost all affected based in India.
Edureka, a premier e-learning platform and online education marketplace co-founded in 2011 by Lovleen Bhatia, offers online education programs including higher education courses, masters and postgraduate courses from Indian universities, using a combination of live and recorded instructor-led programs to working professionals seeking digitally powered skills enhancement.
Led by Anurag Sen, the SafetyDetectives security research team discovered a massive amount of highly sensitive personal information, belonging to up to 2 million Edureka users, publicly exposed and without password protection. This meant that mere knowledge of the server’s IP address provided access to the entirety of this sensitive database containing user names, email addresses, phone numbers, login activity records, and miscellaneous auth token information on Amazon servers hosted in the US.
The SafetyDetectives team first discovered the Edureka vulnerability on 1st August 2020 while running routine IP address checks on specific ports. In line with its security protocols, SafetyDetectives attempted to contact Edureka on 6 August 2020, to notify and brief the company of its findings. Failing to receive a response, the SafetyDetectives team reached out to the Indian Computer Emergency Response Team (CERT-In) on 13 August 2020, and the exposed Edureka server and data were secured soon after.