With the shift to online education thanks to the pandemic, edtech start-ups have witnessed an unprecedented boom in their businesses. However, with great power comes great responsibility. In this, Salesken.ai has erred, as student data from Byju’s was found leaking from a server.
Salesken.ai, is a Bengaluru-based technology start-up, which left a server exposed relating to Byju’s user data. However, it has now secured the exposed server which was spilling sensitive student data on the internet. According to search engine Shodan, the server had been left unprotected and without a password since at least June 14. That is more than 2 weeks of private data exposed on the internet for anyone to access.
Security researcher Anurag Sen found the exposed server, which was pulled offline after Salesken.ai was contacted by TechCrunch on Tuesday. Most of the data on the server contained the classes and names of students, as well as contact information such as email addresses and phone numbers of teachers and students.
It also contained data like chat logs between parents and staff of WhiteHat Jr. (the e-coding school for students which was acquired by Byju’s last year for $300 million), as well as comments recorded by teachers about their students, copies of emails containing codes to reset user accounts and other internal Salesken.ai data. The Bengaluru-based Salesken.ai raised $8 million in its Series A funding round from Sequoia Capital last year and is known for providing customer relationship technology to companies like Byju’s to engage better with customers.
Byju’s itself is a leader in the edtech space and is valued at more than $16 billion after it raised $1.5 billion earlier this year.
In modern times, the need for cybersecurity has increased as hacks and data breaches have become a common occurrence. Not too long ago, well-established companies like Domino’s, LinkedIn, Air India, Bizongo, and Upstox became victims of data breaches.
According to Surga Thilakan, co-founder and CEO at Salesken.ai, the start-up was “evaluating” the security incident. He did not dispute what kind of data was found on the exposed server.
“Our assessment suggests the exposed device appears to be a non-production, staging instance of one of our integration services having access to less than 1% of India-based end-of-life sales logs for a fortnight,” said Thilakan. “Salesken.ai follows stringent data security norms and is certified under the highest standards of global security and safety. We have, in an abundance of caution, immediately severed access to the cloud device.”
WhiteHat Jr. spokesperson Sameer Bajaj said the firm was communicating with Salesken.ai “about the incident and will take appropriate action in accordance with our rigorous security policies.”
It is argued that the internet is already an unsafe place for teenagers and young people, and with their private data in the open for anyone to see, the argument only gets stronger.