Online coding tutoring platform WhitHat Jr owned by Byjus was found to left personal data of over 2.80 lakh students and teachers open to outsiders through multiple bugs.The company had left its back end server open which allowed access to several plaintext data like student age ,name,gender,photograph,parents name etc open to outsiders.
A security researcher reported the vulnerability in 19th of November,he received acknowledgement through a mail and the the access to WhiteHat Jr’s AWS servers were restricted later on November 20th.
Apart from personal data of students information of parents, teachers videos of classes conducted and the salary documents of the employees at white Hat jr were also left exposed
“WhiteHatJr takes security and privacy issues very seriously. We are committed to both our customers and to our compliance with applicable laws. Based on information received from responsible disclosures, we reviewed our setup and worked to patch specific identified vulnerabilities within 24 hours. We reiterate that no breach of data has happened in this context on company’s computer systems and networks, out of an abundance of caution we are continuing our investigation to ensure that this is the case. We regularly undertake and continue with various initiatives to strengthen our Security and Privacy set-up and have also retained external security experts to assist us.” said the company’s spokesperson
WhiteHat Jr was found by Karan Bajaj in 20q8 and was acquired by BYJU’S this year in August for nearly USD 300billion.WhiteHat Jr is a platform that teaches coding to children between the age six to eighteen years
this is not the only time the company was named in vulnerability of personal data .Santosh Patidar the founder or queue management app posted an issue on LinkedIn saying that the company was leaking personal data through its API,Later ot was updated that the bug was fixed
WhiteHat Jr has been facing criticism for a while now, recently it came in news when for allegedly false advertisements that feature young students. The company also recently filed a ₹ 20 crore defamation lawsuit against one of its critics, Pradeep Poonia, who alleged that the platform was not providing quality education to its students.