• 1800 120 77 88 99

WhiteHat Jr exposed personal data of 2.8 lakh students, teachers; and transaction details too

Saransh Pandey

Intern
  • December 01, 2020
Share with
    The security researcher who had discovered the vulnerabilities within WhiteHat Jr had made the disclosures to the firm on November 19.

Popular online coding platform WhiteHat Jr. because of the multiple vulnerabilities which were present in its servers until the middle of November, reportedly exposed personal data of over 2.8 lakh students and teachers. The platform has stated that they have solved the flaws which were present in its servers until the middle of November. 

After being informed by a security researcher, the platform has stated that they fixed their flaws present in the platform. Though, it is not clear if the affected data was compromised until the loopholes were patched. Also, last month, the Mumbai-based coding platform had another issue wherein it was reportedly leaking students' personal data and transaction details. 

The security researcher who had discovered the vulnerabilities within WhiteHat Jr had made the disclosures to the firm on November 19. According to reports the personal data of over 2.80 lakh students including names of their parents were lying exposed due to a vulnerability on the company's server-side. 

The issues were present because of a misconfigured backend server that was responsible for exposing the data which included the student names, age, gender, profile photos, user IDs, parents names, and progress reports. The data also included details of a larger number of minor students.  

The vulnerabilities also allowed access to information related to teachers and partners of students. Salary details of WhiteHat Jr employees and as well as its internal documents and also dozens of recorded videos of online classes were exposed, according to the report. 

WhiteHat Jr. has clarified that there were no data leaks, exposures, or breach. The company also issued a statement saying, " WhiteHatJr takes security and privacy issues very seriously. We are committed to both our customers and to our compliance with applicable laws. Based on information received from responsible disclosures, we reviewed our setup and worked to patch specifically identified vulnerabilities within 24 hours.” 

Want to subscribe our Newsletter?