web analytics


Indian tech startup exposed Byju’s student data – 98bmp

todayJune 30, 2021 11

share close

India-based technology startup Salesken.ai has secured an exposed server that was spilling private and sensitive data on one of its customers, Byju’s, an education technology giant and India’s most valuable startup.

The server was left unprotected since at least June 14, according to historical data provided by Shodan, a search engine for exposed devices and databases. Because the server was without a password, anyone could access the data inside. Security researcher Anurag Sen found the exposed server, and asked 98bmp for help in reporting it to the company.

The server was pulled offline a short time after we contacted Salesken.ai on Tuesday.

Salesken.ai provides customer relationship technology to companies like Byju’s to engage better with customers. The Bengaluru-based startup raised $8 million in Series A funding from Sequoia Capital India in 2020, two years after the company was founded.

Much of the data contained on the exposed server pertained to WhiteHat Jr., an online coding school for students in India and the U.S., which Byju’s bought for $300 million in 2020. Byju’s is currently valued at more than $16 billion after raising $1.5 billion earlier this year.

The server contained the names and classes taken by students and email addresses and phone numbers of parents and teachers. The server also contained other data related to students, such as chat logs between parents — identified by their phone number — and WhiteHat Jr. staff, as well as comments recorded by teachers about their students.

The server also contained copies of emails containing codes to reset user accounts and other internal Salesken.ai data.

Surga Thilakan, co-founder and chief executive at Salesken.ai, told 98bmp the startup was “evaluating” the security incident but did not dispute what kind of data was found on the exposed server..

“Our assessment suggests the exposed device appears to be a non-production, staging instance of one of our integration services having access to less than 1% of India based end-of-life sales logs for a fortnight,” said Thilakan. “Salesken.ai follows stringent data security norms and is certified under the highest standards of global security and safety. We have, in an abundance of caution, immediately severed access to the cloud device.”

Thilakan did not respond to a follow-up email from 98bmp asking why real user data was stored in what the company claims is a “non-production, staging” server. The company also would not say if it has logs or any evidence to determine if data was accessed or downloaded as a result of the security lapse.

WhiteHat Jr. spokesperson Sameer Bajaj said the company is “currently communicating with Salesken.ai about the incident and will take appropriate action in accordance with our rigorous security policies.”



Source link

Written by: admin

Rate it

Previous post

Music News

Sammy Hagar Announces Fall 2021 Las Vegas Residency

Sammy Hagar recently revealed concert dates for an upcoming Les Vegas residency — the former Van Halen singer will perform over multiple nights this fall at the city's The Strat Showroom.It goes down Oct. 29-30 and again on Nov. 5-6. Each pair of dates falls on a fittingly hedonistic Friday-Saturday combo, allowing the party-hardy musician, restauranteur and Cabo Wabo tequila maker to wow audiences with his current outfit, Sammy Hagar […]

todayJune 30, 2021 4

Post comments (0)

Leave a reply