BYJU’S Ensures No Compromise on Student Data During Systems Exposure
- ByStartupStory | August 27, 2023
BYJU’s, the edtech firm, has responded to claims of a brief and temporary exposure of its systems, emphasizing that there has been no compromise on student data or information. In light of security researcher Bob Diachenko’s allegations that BYJU’s had inadvertently exposed personal details of students, including payment and loan information, Anil Goel, Chief Technology Officer at BYJU’s, released a statement reassuring the public.
Goel stated, “There was a temporary exposure of a small fraction of our systems for a very short duration… no data or information was exposed or compromised during this event. Our technical team promptly resolved this issue as soon as it came to our notice. We would like to reiterate that all our systems have been built around safeguarding the privacy and security of our data.”
Earlier, on August 23, Diachenko reported on X that BYJU’s had exposed customer data due to a “misconfigured service instance.” He expressed concerns over the lack of response from the company and the risk to students’ personal information, including loan and payment details. The data exposure was initially identified on August 15 through the search engine Shodan, as per a TechCrunch report. Diachenko reached out to BYJU’s about the issue, but the company remained unresponsive until the details were disclosed on X. The misconfiguration was subsequently rectified.
It’s worth noting that a similar incident occurred with BYJU’s in 2020, wherein sensitive information like student names, enrolled courses, and parent and educator contact details were exposed on an unsecured server. Diachenko remarked on X that the current situation is even more severe than the previous occurrence.
Follow Startup Story
Related Posts
