Researchers from cybersecurity firm vpnMentor discovered a data breach related to a popular Spanish e-Learning platform 8Belts, exposing personal data of over 100,000s of e-learners across the globe.
In its primary investigation report, the researchers claimed that 8Belts database was stored on a misconfigured Amazon Web Services (AWS) S3 bucket which resulted in the data leakage. “By our estimates, the breach – which originated from a misconfigured Amazon Web Services S3 bucket – affected 100,000s of people across the globe, exposing their private data, and making them vulnerable to dangerous attacks and frauds from cybercriminals. By not securing its user data, 8Belts compromised the safety and privacy of its users and the future of the company itself,” the researchers said.
According to VpnMentor, the exposed database contained different forms of Personally Identifiable Information (PII) of 8Belts users, including:
- Full names
- Email addresses
- Phone numbers
- Dates of birth
- Country of residence
- National ID numbers
- Skype IDs
“All of these private data could be combined and exploited in various ways to target those exposed for fraud, theft, and online attack. While most of 8Belts’ users reside in Spanish-speaking countries, people from all over the world were exposed. Records included data from residents in almost every country on the planet, across six continents. From the U.S. to Uzbekistan, Australia to Angola, Belgium to Barbados, this data breach covered the entire globe,” researchers added.
In addition to PII data, information like students’ account details, course history, performance report, courses they had taken, account user IDs, evaluation scores, and certificates of completion were also exposed in the incident.
Data Breaches on E-Learning Platforms
Recently, India-based online learning platform Unacademy suffered a data breach that exposed details of 22 million users. It was also found that the unknown hackers kept 21,909,707 user records for sale at $2,000 on darknet forums. The compromised information included usernames, hashed passwords, date of joining, last login date, account status, email addresses, first and last names, and other account profile details. Hemesh Singh, Co-founder and CTO of Unacademy, confirmed the data breach and stated that only 11 million users were affected and no sensitive information like financial data, location or passwords were exposed.