Another Amazon Web Services-linked breach was detected, with online coding platform WhiteHat Jr. exposing about 2.8 Lakh students and teachers due to system security vulnerabilities.
Educational startup WhiteHat Jr. said on Wednesday, Nov. 25, that it has detected a glitch in its servers that led to user data and personally identifiable information (PII) to be exposed. In an initial investigation, the company said an unauthorized person hacked the server and accessed the unencrypted data bucket.
About 280,000 users were affected, deemed vulnerable by an independent security researcher. ET verified the breach with WhiteHat Jr. about the issue and the Mumbai-based company has acted on it immediately on Nov. 2020.
The exposed bucket contained information of school kids, like complete names, age, gender, images, user IDs, progress reports, and even teacher and parents data. Internal company documents are included, along with salary info, and recorded videos of classes.
Company spokesperson said, ‘Based on the information received from responsible disclosures, we reviewed our setup and worked to patch specifically identified vulnerabilities within 24 hours.”
According to the cybersecurity researcher, the educational platform was using AWS servers and the S3 buckets, where the data is stored and left out in the public. Anyone can access the content and folders, data, and videos.
Typically, these data buckets and servers must be stored and can only be accessed by authorized personnel only, with a username and password. What happened is, WhiteHat’s servers aren’t controlled, which means it’s left open to the web.
The company stated that they strive to improve its customer experience and performance of the app, and are using industry-validated tools and software to ensure robust security.
WhiteHat Jr. has made a massive move and filed a defamation case against vocal critics. Founder and entrepreneur Karan Bajaj have taken legal action against Pradeep Poonia, an engineer who publicly criticized the firm for its marketing strategies, courses offered, and others.
The educational platform also filed a case against an investor Aniruddha Malpani, for sharing unflattering feedback about the startup. Since most of the clients come from America, with kids getting on one-to-one classes, the company surely has gained more profit.
In fact, classes surged 90 percent, which is a first huge hit. Its lawsuit against Poonia is seeking $2.7 million in damages for accusing the company of infringing trademarks and copyright of properties, plus providing misleading information.