Cyber Incident Victim: Unacademy
Date: Jan 2020
Location: India
Summary
Unacademy experienced a significant data breach where a hacker accessed and sold user records, with conflicting reports on the scale—external sources identified approximately 22 million affected accounts while the company acknowledged 11 million. Compromised information included email addresses, usernames, hashed passwords, names, and account activity details, posing risks of credential reuse attacks especially for corporate email users from major firms. The organization asserted that robust encryption protected passwords and no financial data was exposed, but independent verification confirmed the presence of password hashes in the leaked database.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |

Description
In early May 2020, cybersecurity firm Cyble Inc. identified a threat actor advertising the sale of an Unacademy user database containing approximately 20 million accounts on underground forums for $2,000. Subsequent analysis revealed the database actually contained 21,909,707 user records, with the most recent account creation date listed as January 26, 2020, indicating the breach likely occurred around that timeframe. The compromised data included usernames, SHA-256 hashed passwords, registration dates, last login timestamps, email addresses, first and last names, and account status indicators (active/staff/superuser). BleepingComputer verified the authenticity of samples from the database through direct user confirmation. Unacademy's leadership acknowledged the incident through a statement from CTO Hemesh Singh, confirming compromise of "basic information" for approximately 11 million learners while asserting no exposure of financial data, location information, or plaintext passwords due to their use of PBKDF2 encryption with SHA-256 hashing and OTP-based authentication systems.

The breach exposed corporate email accounts from major technology firms including Wipro, Infosys, Cognizant, Google, and Facebook, creating potential secondary risks for enterprise networks through password reuse. Cyble acquired the full database and integrated it into their AmIBreached monitoring service to enable user verification. Forensic evidence contradicted Unacademy's official impact assessment regarding both the scale of affected accounts (22 million vs. 11 million) and the exposure of password hashes. The company initiated internal security reviews and committed to addressing vulnerabilities while maintaining user communications about remediation efforts. Security researchers advised affected users to change Unacademy passwords immediately, employ unique credentials across other services, and remain vigilant against targeted phishing attempts leveraging the stolen personal information.
