Cyber Incident Victim: Vedantu
Date: Jul 2019
Location: India
Summary
An Indian ed-tech firm experienced a significant data breach impacting approximately 687,000 users, exposing personal information including names, email addresses, phone numbers, genders, IP addresses, and passwords stored as bcrypt hashes. The incident, attributed to a potentially unsecured MongoDB instance, raised concerns over delayed user notification and over follow-on attacks such as phishing, identity theft, and SIM swap fraud that could leverage the compromised data.
Description
In July 2019, Indian online education platform Vedantu experienced a data breach compromising the personal information of 687,000 users. The incident involved unauthorized access to a database containing JSON-formatted records, which included email addresses, IP addresses, full names, phone numbers, genders, and passwords stored as bcrypt hashes. Evidence suggested the breach potentially resulted from an exposed MongoDB instance, though this attribution remained unconfirmed. Vedantu became aware of the breach months later through external notification channels, including the breach tracking service HaveIBeenPwned. The company acknowledged the incident when contacted by third parties and initiated customer notifications approximately four months after the intrusion occurred.

The exposed dataset created significant risks for affected users, particularly through the combination of phone numbers with names and other identifiers. Cybersecurity experts warned that this information could facilitate targeted phishing campaigns, identity theft schemes, and SIM swap attacks capable of bypassing SMS-based two-factor authentication. The inclusion of phone numbers specifically elevated concerns about voice-based social engineering attempts and financial fraud. While the passwords were protected by bcrypt hashing rather than exposed in plaintext, the breach's delayed discovery meant users remained exposed to exploitation of the other data for an extended period. Vedantu's public response focused on breach disclosure to customers, with no additional remediation measures detailed in available reports. Security researchers emphasized the need for affected individuals to scrutinize unsolicited communications that reference personal data from the compromised database.
