Indian Startup Exposed Byju’s Compromised Server Data – E Hacking News
Salesken.ai, an Indian-based technology secured a compromised server that was
leaking out private and sensitive data on one of its clients, Byju’s, a startup
and one of the leading educational startups. The server was left uncompromised
since June 14, says Shodan, who provide the historical data. Shodan is a search
engine for compromised devices and databases. Anyone could access the server
data as it was left without the password.
The compromised server was discovered
by security researcher Anurag Sen, who also asked for assistance from Tech Crunch.
“WhiteHat Jr. spokesperson Sameer Bajaj said the company is currently
communicating with Salesken.ai about the incident and will take appropriate
action in accordance with our rigorous security policies,” reports Tech Crunch.
Salesken.ai offers companies like Byjus customer-relationship technology. It is
a Bangalore-based start-up that recently raised $8 Million in Series.
Funding from Sequoia Capital India in 2020, after two years of its founding.
Most of the data stored in the compromised server containing information related
to an online school that teaches coding to students in India and the U.S. Byjus
bought Whitehat for $300 Million last year. The server had the names and addresses
of the students and the email addresses and contact numbers of the parents and
teachers. Besides this, the exposed server contained other data related to
students, such as chat logs between parents and staff, and remarks given by
teachers to their students. The compromised server also contained email copies
that had reset codes for restoring accounts and other data pertaining to
Co-founder and chief executive at Salesken.ai, Surga Thilakan says
the company is currently investigating the issue but didn’t disclose any
information related to what kind of data was exposed in the compromised server. “Our assessment suggests the exposed device appears to be a non-production,
staging instance of one of our integration services having access to less than
1% of India-based end-of-life sales logs for a fortnight.” Salesken.ai follows
stringent data security norms and is certified under the highest standards of
global security and safety. We have, in an abundance of caution, immediately
severed access to the cloud device,” reports Tech Crunch.