ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Vedantu Data Breach

vedantu.com
Limited exposure
Verified breach Passwords exposed
Accounts exposed 686,899
Breach date 08 Jul 2019
Added to tracker 01 Nov 2019
Data classes 10

What happened

In mid-2019, the Indian interactive online tutoring platform Vedantu suffered a data breach which exposed the personal data of 687k users. The JSON formatted database dump exposed extensive personal information including email and IP address, names, phone numbers, genders and passwords stored as bcrypt hashes. When contacted about the incident, Vedantu advised that they were aware of the breach and were in the process of informing their customers.

Exposed data

Browser user agent details Email addresses Genders IP addresses Names Passwords Phone numbers Spoken languages Time zones Website activity

Recommended actions

  • Change your Vedantu password immediately, and update it anywhere you reused the same password.
  • Enable two-factor authentication on the affected account and on your critical services (email, banking).
  • Watch for targeted phishing emails referencing Vedantu — attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP