Explained: How BYJU’s Data Leak Will Impact Students, Parents & Teachers

BYJU’s, a unicorn with approx.$16B valuation, Customer data got leaked through one of their vendor, who was engaged to manage BYJU’s Customer Relations Management (CRM) system.

Nature of Leak: The affected server was in an “unprotected” state since 14^th June, which means it was without any password. The server contained the names and classes taken by students and email addresses and phone numbers of parents and teachers. It also contained other data related to students, such as chat logs between parents — identified by their phone number — and WhiteHat Jr. staff, as well as comments recorded by teachers about their students. The server also contained copies of emails containing codes to reset user accounts.

Analysis : BYJU’s is household name in today’s arena, where they educate and train the child from Class 5 to make them next Bill Gates to IAS aspirants. The amount and energy they spend on marketing & branding is amazing. Sponsoring Indian Cricket Team to hiring Shah Rukh Khan to acquire and retain the customers. Enough coverage has been done on BYJUs toxic work culture -very stiff targets to their sales force :- by any means they need to meet their target.

Primafacie , if they would had allotted even 4-5% of total revenue and energy in harnessing the security components/infrastructure including Supply Chain controls, probably this particular incident could had been averted. Specially at a time when Cyber Attacks are at its peak globally.

This is more pertinent for company like BYJU which claims to shape up and train Best Coders and make them next Bill Gates even for the Class 5 onwards students. Whenever you teach the kids about safe programming, this should haunt BYJU. Kids shall always question: How/Why this attack happen.?

Not sure of the timelines of the outcome of the investigation, but one thing is for sure, BYJU’s customers have been taken for a ride. Imagine now kids and their parents are going to get creepy calls for tuitions across country every 5-10 mins, utilising these leaked data. More worse, in case these database can be used for nefarious activities as well.

Who should be held responsible for exposing these data of their customers- Kids/Parents/Teachers?

Disclaimer: Information compiled through publicly available information.