Byju’s Student Data Exposed by a Server Leak

India-based educational technological company Byju’s becomes embroiled in a data security incident after having its server exposed by Salesken.ai. The server in question has reportedly been unprotected for at least two weeks from around June 14, 2021, reveals Tech Crunch.

Byjus’s is considered the most valuable startup company throughout India. As of writing, Tech Crunch states that Byju’s is currently valued at over $16 billion after successfully raising a whopping $1.5 billion this 2021.

Salesken.ai, on the other hand, is a Bengaluru-based technology startup that specializes in providing its clients with customer relationship technology to further improve customer engagement. The Tech Portal said that the exposed server was left without a password from at least the 14th of June, 2021.

Byju’s Student Data Exposed

Anurag Sen, a security researcher, initially discovered the exposed server and immediately brought it to the attention of the company. Following this, Tech Crunch states that Salesken.ai took out the unprotected server from the Internet just last Tuesday, June 29, 2021.

Chief executive officer and co-founder of Salesken.ai, Surga Thilakan, told Tech Crunch in an interview that “Our assessment suggests the exposed device appears to be a non-production, staging instance of one of our integration services having access to less than 1% of India based end-of-life sales logs for a fortnight.”

“Salesken.ai follows stringent data security norms and is certified under the highest standards of global security and safety. We have, in an abundance of caution, immediately severed access to the cloud device,” continued Thilakan in his statement.

Most of the data that came from the exposed server relates to the online coding school called WhiteHat Jr. The company was bought by Byju’s in 2020 for $300 million for use by students both in India and in the United States.

Among the information compromised by the exposed server include Byju’s student data. These include student names, the classes these students have taken, as well as the contact information of students such as their email addresses, reveals Tech Crunch.

Apart from these, the phone numbers of parents and teachers have also been made vulnerable. The unprotected server also includes chat logs between parents and the staff of WhiteHat Jr. and comments of teachers regarding their students.

Following the incident, WhiteHat Jr. spokesperson Sameer Bajaj maintained that they were in contact with Salesken.ai. The coding school also said that they will be taking the necessary taking steps “in accordance with our rigorous security policies.”