WhiteHat Jr, BYJU’S-owned online coding platform, has fixed a cyber security issue after exposing personal data of over 2.8 lakh students and teachers due to multiple vulnerabilities.
The online platform had fixed the security flaws after it was informed by a security researcher. It also claimed that no breach of data has happened due to the loopholes.
Last month, Mumbai-based WhiteHat Jr was found to have another security issue that was also leaking students’ personal data and transaction details.
The security researcher who discovered the latest vulnerabilities within WhiteHat Jr made a disclosure to the online platform on November 19. The issues existed due to a misconfigured backend server that exposed data including student names, age, gender, profile photos, user IDs, parent’s name, and progress reports.
The vulnerabilities allowed access to information related to teachers and partners of students. Salary details of WhiteHat Jr employees as well as its internal documents and dozens of recorded videos of online classes being conducted by the platform were also exposed.
The researcher reportedly got a response within a day after emailing its chief technology officer Pranab Dash on November 19 and 20.
Santosh Patidar, founder of queue management app DINGG, last month highlighted a flaw in one of the platform’s APIs that was exposing personal data of students alongside transaction details.
Patidar took to LinkedIn to reveal the security flaw within WhiteHat Jr and was reached out by its CTO. He later updated the original LinkedIn post stating, “They have fixed the issue.”
WhiteHat Jr was acquired by edu-tech company Byju’s in August this year for $300 million.
Whitehat Jr is India’s second largest ed-tech company at a revenue run rate of $150 million.
WhiteHat Jr recently announced its plans to expand to other global markets like Canada, UK, Australia and New Zealand after a stellar growth in the US for its one-to-one online coding classes.
WhiteHat Jr. helps kids aged 6 to 14 years build commercial-ready games, animations and apps online using the fundamentals of coding.