Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Whitehat Jr. Show all posts

Indian Startup Exposed Byju's Compromised Server Data

 

Salesken.ai, an Indian-based technology secured a compromised server that was leaking out private and sensitive data on one of its clients, Byju's, a startup and one of the leading educational startups. The server was left uncompromised since June 14, says Shodan, who provide the historical data. Shodan is a search engine for compromised devices and databases. Anyone could access the server data as it was left without the password. 

The compromised server was discovered by security researcher Anurag Sen, who also asked for assistance from Tech Crunch. "WhiteHat Jr. spokesperson Sameer Bajaj said the company is currently communicating with Salesken.ai about the incident and will take appropriate action in accordance with our rigorous security policies," reports Tech Crunch. Salesken.ai offers companies like Byjus customer-relationship technology. It is a Bangalore-based start-up that recently raised $8 Million in Series. 
Funding from Sequoia Capital India in 2020, after two years of its founding. 

Most of the data stored in the compromised server containing information related to an online school that teaches coding to students in India and the U.S. Byjus bought Whitehat for $300 Million last year. The server had the names and addresses of the students and the email addresses and contact numbers of the parents and teachers. Besides this, the exposed server contained other data related to students, such as chat logs between parents and staff, and remarks given by teachers to their students. The compromised server also contained email copies that had reset codes for restoring accounts and other data pertaining to Salesken.ai. 

Co-founder and chief executive at Salesken.ai, Surga Thilakan says the company is currently investigating the issue but didn't disclose any information related to what kind of data was exposed in the compromised server. "Our assessment suggests the exposed device appears to be a non-production, staging instance of one of our integration services having access to less than 1% of India-based end-of-life sales logs for a fortnight." Salesken.ai follows stringent data security norms and is certified under the highest standards of global security and safety. We have, in an abundance of caution, immediately severed access to the cloud device," reports Tech Crunch.