{
	"id": "cd854389-b41e-4568-b7fe-26a0f2358754",
	"created_at": "2026-04-06T00:07:34.017781Z",
	"updated_at": "2026-04-10T13:12:07.568752Z",
	"deleted_at": null,
	"sha1_hash": "4b6893eeb7eed8223095f5fc35aaf985cbbc807c",
	"title": "Hacker sells 22 million Unacademy user records after data breach",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1182830,
	"plain_text": "Hacker sells 22 million Unacademy user records after data breach\r\nBy Lawrence Abrams\r\nPublished: 2020-05-06 · Archived: 2026-04-05 20:57:56 UTC\r\nOnline learning platform Unacademy has suffered a data breach after a hacker gained access to their database and started\r\nselling the account information for close to 22 million users.\r\nUnacademy is one of India's largest online learning platforms boasting 14K teachers, over a million video lessons, and over\r\n20 million registered users (learners).\r\nAfter recently raising $110 million in funding from General Atlantic, Sequoia and Facebook, Unacademy has a valuation of\r\nover $500 million.\r\nhttps://www.bleepingcomputer.com/news/security/hacker-sells-22-million-unacademy-user-records-after-data-breach/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/hacker-sells-22-million-unacademy-user-records-after-data-breach/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nHacker sells Unacademy user database\r\nOn May 3rd, 2020, cyber intelligence company Cyble Inc. discovered that a threat actor had begun to sell an Unacademy\r\nuser database containing 20 million accounts for $2,000.\r\nUnacademy database for sale\r\nWhile advertised as 20 million, the database contains a total of 21,909,707 user records.\r\nThese records include usernames, SHA-256 hashed passwords, date joined, last login date, email addresses, first and last\r\nnames, and whether the account is active, a staff member, or a superuser.\r\nUnacademy user records table\r\nAfter contacting numerous Unacademy users, BleepingComputer has verified that the data being sold is authentic and\r\ncontains accurate information.\r\nThe last account created in the database is from January 26th, 2020, which indicates that the hacker most likely breached\r\nUnacademy's systems around that time.\r\nCyble has told BleepingComputer that numerous accounts using corporate emails exist in the database as well.\r\nThis includes accounts from Wipro, InfoSys, Cognizant, Google, and Facebook.\r\nIf these users utilize the same passwords on their corporate network it could allow the threat actor to gain access to these\r\nnetwork as well.\r\nIn a statement from Hemesh Singh, Co-founder and CTO, Unacademy, confirmed the breach, but stated only 11 million\r\nusers were affected and that no passwords were exposed.\r\n\"We have been closely monitoring the situation and can confirm that basic information related to around 11 million learners\r\nhas been compromised. However, we would like to assure our learners that no sensitive information such as financial data,\r\nlocation or passwords has been breached. We follow stringent encryption methods using the PBKDF2 algorithm with a\r\nSHA256 hash, making it highly implausible for anyone to access the learner passwords. We also follow an OTP based login\r\nsystem that provides an additional layer of security to our learners. We are doing a complete background check and will be\r\naddressing any potential security loophole to further our efforts of ensuring a robust security mechanism. Data security and\r\nprivacy of our learners is of utmost importance to us and we will be in communication with our learners to keep them\r\nupdated on the progress.\"\r\nhttps://www.bleepingcomputer.com/news/security/hacker-sells-22-million-unacademy-user-records-after-data-breach/\r\nPage 3 of 5\n\nAs already stated, based on the samples shared with BleepingComputer, there were a far greater amount of user records\r\nexposed and they did contain hashed passwords.\r\nBleepingComputer has once again reached out to Unacademy with follow up questions regarding these discprenacies.\r\nHackers claim to have stolen more than user data\r\nIn a conversation seen by BleepingComputer, the hackers state that they have stolen much more than just the user database.\r\nThe threat actors have alleged to Cyble's researchers that they have stolen the entire database, but are only putting the user\r\nrecords up for sale at this time.\r\nThis holding back of other data indicates that there is more value to be had in the stolen database than just user records.\r\nIt is not known what this data includes.\r\nWhat should Unacademy users do?\r\nIf you are a registered Unacademy learner or educator, it is strongly suggested that you immediately change your password\r\non the site.\r\nIf you use the same password at other sites, we strongly suggest that you change your password to a unique one at those sites\r\nas well.\r\nUsers should also be wary of targeted phishing emails that pretend to be from Unacademy and utilize the information stored\r\nin this database.\r\nCyble has acquired the database and added the user records to its data breach monitoring service amibreached.com.\r\nUnacademy users can use this service to verify if their account was leaked as part of this breach.\r\nUpdate 5/6/20 3:42 PM EST: Added statement\r\nhttps://www.bleepingcomputer.com/news/security/hacker-sells-22-million-unacademy-user-records-after-data-breach/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/hacker-sells-22-million-unacademy-user-records-after-data-breach/\r\nhttps://www.bleepingcomputer.com/news/security/hacker-sells-22-million-unacademy-user-records-after-data-breach/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/hacker-sells-22-million-unacademy-user-records-after-data-breach/"
	],
	"report_names": [
		"hacker-sells-22-million-unacademy-user-records-after-data-breach"
	],
	"threat_actors": [],
	"ts_created_at": 1775434054,
	"ts_updated_at": 1775826727,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4b6893eeb7eed8223095f5fc35aaf985cbbc807c.pdf",
		"text": "https://archive.orkl.eu/4b6893eeb7eed8223095f5fc35aaf985cbbc807c.txt",
		"img": "https://archive.orkl.eu/4b6893eeb7eed8223095f5fc35aaf985cbbc807c.jpg"
	}
}