Educational technology startup WhiteHat Jr<\/a> said on Wednesday that it had earlier this month discovered “vulnerabilities” in its servers that had led to user data, including personally identifiable information (PII), being exposed. 教育技术创业WhiteHat小本月早些时候周三表示,已发现在其服务器“漏洞”,导致了用户数据,包括个人身份信息(PII)接触。
The vulnerability in its backend server, which allowed access to a variety of personal data of 280,000 users to outsiders, was flagged by an independent security researcher. ET could not independently verify when the security researcher first informed WhiteHat Jr about the issue.
But by November 20, the Mumbai-based company had taken note and resolved it, according to a report on Tuesday by news website The Quint<\/a>.
A WhiteHat Jr spokesperson told ET that, based on “information received from responsible disclosures, we reviewed our setup and worked to patch specifically identified vulnerabilities within 24 hours.”
WhiteHat Jr hosts its servers on cloud computing platform Amazon Web Services (AWS).
The exposed data at the online coding<\/a> platform for school kids included student names, age, gender, images, user IDs, and progress reports, etc. Most of this data is considered PII and categorised as sensitive personal data by the Personal Data Protection Bill that was tabled in Parliament last year.
Besides the PII of minors, the researcher also informed WhiteHat Jr that information about its teachers, parents, salary documents, internal company documents, and recorded videos of classes being conducted, was also accessible.
WhiteHat Jr did not disclose for how long the user data had been exposed but confirmed that “no breach of data has happened in this context on company's computer systems and networks.”
It said, “out of an abundance of caution, we are continuing our investigation to ensure that this is the case.”
The company did not, however, respond to specific queries on whether it had informed concerned users that their data had been exposed.
It also did not say whether the Indian Computer Emergency Response Team, or CERT-In, the nodal agency for responding to computer security incidents, had been informed.
“We regularly undertake and continue with various initiatives to strengthen our security and privacy set-up and have also retained external security experts to assist us,” the company spokesperson said.
Commenting on the issue, Shree Parthasarathy, partner and national leader – cyber risk services, Deloitte India, said, this isn’t a one-off incident. “A lot of larger organisations and startups are not investing in building security systems to ensure the security and privacy of data, when it is their fiduciary responsibility to protect user and customer data like personally identifiable information and financial information.”
Separately, on October 20, Santosh Patidar, founder of queue management app DINGG, had posted on professional networking site LinkedIn that, “Personal details of the kids along with their transaction (purchase) details are openly (not so open) available…”
He had tagged WhiteHat Jr and parent Byju’s in the post, suggesting that they check their web logs or message him to help resolve the issue. A few hours later, he updated the post saying the issue had been resolved.
While cloud services have become the norm for enterprises computing needs, moving to cloud without proper precautions can be disastrous for data security, said Sonit Jain, CEO of GajShield Infotech, a data cloud and network security solutions provider.
Jain emphasised that the move to cloud services should be backed by a “strong data security approach with the ability to gain complete visibility on their entire threat surface, including internal threat vectors and the understating of how this data is being handled.”
<\/p><\/body>","next_sibling":[{"msid":79420161,"title":"Freelancers scout for digital payment solutions as gig works rise","entity_type":"ARTICLE","link":"\/news\/freelancers-scout-for-digital-payment-solutions-as-gig-works-rise\/79420161","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[{"msid":"79417052","title":"data security","entity_type":"IMAGES","seopath":"tech\/startups\/whitehat-jr-says-it-has-fixed-a-leak-that-exposed-data-of-2-8-lakh-users\/data-security","category_name":"WhiteHat Jr says it has fixed a leak that exposed data of 2.8 lakh users","synopsis":false,"thumb":"https:\/\/etimg.etb2bimg.com\/thumb\/img-size-474894\/79417052.cms?width=150&height=112","link":"\/image\/tech\/startups\/whitehat-jr-says-it-has-fixed-a-leak-that-exposed-data-of-2-8-lakh-users\/data-security\/79417052"}],"msid":79420175,"entity_type":"ARTICLE","title":"WhiteHat Jr says it has fixed a leak that exposed data of 2.8 lakh users","synopsis":"The exposed data at the online coding platform for school kids included student names, age, gender, images, user IDs, and progress reports","titleseo":"telecomnews\/whitehat-jr-says-it-has-fixed-a-leak-that-exposed-data-of-2-8-lakh-users","status":"ACTIVE","authors":[{"author_name":"Shephali Bhatt","author_link":"\/author\/479230465\/shephali-bhatt","author_image":"https:\/\/etimg.etb2bimg.com\/authorthumb\/479230465.cms?width=100&height=100","author_additional":{"thumbsize":true,"msid":479230465,"author_name":"Shephali Bhatt","author_seo_name":"shephali-bhatt","designation":"Tech & Culture Reporter","agency":false}}],"analytics":{"comments":0,"views":318,"shares":0,"engagementtimems":1590000},"Alttitle":{"minfo":""},"artag":"ET Bureau","artdate":"2020-11-26 08:44:31","lastupd":"2020-11-26 08:44:53","breadcrumbTags":["WhiteHat Jr","data leak","Hacking","Online Education","online coding","Industry"],"secinfo":{"seolocation":"telecomnews\/whitehat-jr-says-it-has-fixed-a-leak-that-exposed-data-of-2-8-lakh-users"}}" data-authors="[" shephali bhatt"]" data-category-name="" data-category_id="" data-date="2020-11-26" data-index="article_1">
后端服务器的漏洞,使得访问各种各样的280000用户的个人数据在外人看来,由一个独立的安全研究员标记。等无法独立核实正直善良当安全研究人员第一次通知好公民的小问题。
但在11月20日,孟买公司已经注意到并解决它,根据新闻网站周二的一份报告乐动扑克五胞胎的。
WhiteHat小主机服务器在云计算平台上亚马逊网络服务(AWS)。
公开的数据网络编码平台为学校的孩子包括学生姓名、年龄、性别、图片、用户id、和进展报告等。其中大部分数据被认为是PII和归类为敏感的个人数据的个人数据保护法案,是去年在国会提出。
除了PII未成年人,研究者还小正直善良通知好公民,信息老师,父母,工资文件,公司内部文件,并记录的视频类进行,也可访问。
WhiteHat Jr没有透露多长时间用户数据被暴露,但证实“没有违反数据发生在这样的背景下公司的计算机系统和网络。”
它说,“大量的谨慎,我们继续我们的调查,以确保这是如此。”
然而,该公司没有回复具体查询是否已经通知有关用户,他们的数据被暴露。
它也没有说是否印度计算机紧急响应小组,或、节点机构应对计算机安全事件,已经通知。
“我们经常进行和继续与各种举措来加强我们的安全和隐私设置,也保留外部安全专家来帮助我们,”该公司发言人表示。
评论这个问题,Shree高伙伴和国家领导人——网络风险服务,德勤印度,说,这不是一个一次性的事件。“许多大型组织和初创企业不投资建设安全系统,以确保数据的安全性和隐私,当他们的受托责任,以保护用户和客户数据,如个人身份信息和财务信息。”
创始人分别在10月20日,桑托什Patidar队列管理程序DINGG已经张贴在职业社交网站LinkedIn,“个人信息的孩子连同他们的事务(购买)细节公开(不公开)…”
他正直善良的好公民Jr和父Byju的帖子,建议他们检查他们的web日志或消息他帮助解决问题。几个小时后,他更新了文章说这个问题已经解决。
虽然云服务已经成为企业的规范计算的需要,搬到云没有适当的预防措施可以为数据安全是灾难性的,Sonit Jain说,首席执行官GajShield信息技术,数据云计算和网络安全解决方案提供商。
Jain强调移动云服务应该由一个“强大的数据安全的方法能够获得完整的可见性威胁他们的整个表面上,包括内部威胁向量和低估这些数据是如何被处理的。”
读到
Educational technology startup WhiteHat Jr<\/a> said on Wednesday that it had earlier this month discovered “vulnerabilities” in its servers that had led to user data, including personally identifiable information (PII), being exposed.
The vulnerability in its backend server, which allowed access to a variety of personal data of 280,000 users to outsiders, was flagged by an independent security researcher. ET could not independently verify when the security researcher first informed WhiteHat Jr about the issue.
But by November 20, the Mumbai-based company had taken note and resolved it, according to a report on Tuesday by news website The Quint<\/a>.
A WhiteHat Jr spokesperson told ET that, based on “information received from responsible disclosures, we reviewed our setup and worked to patch specifically identified vulnerabilities within 24 hours.”
WhiteHat Jr hosts its servers on cloud computing platform Amazon Web Services (AWS).
The exposed data at the online coding<\/a> platform for school kids included student names, age, gender, images, user IDs, and progress reports, etc. Most of this data is considered PII and categorised as sensitive personal data by the Personal Data Protection Bill that was tabled in Parliament last year.
Besides the PII of minors, the researcher also informed WhiteHat Jr that information about its teachers, parents, salary documents, internal company documents, and recorded videos of classes being conducted, was also accessible.
WhiteHat Jr did not disclose for how long the user data had been exposed but confirmed that “no breach of data has happened in this context on company's computer systems and networks.”
It said, “out of an abundance of caution, we are continuing our investigation to ensure that this is the case.”
The company did not, however, respond to specific queries on whether it had informed concerned users that their data had been exposed.
It also did not say whether the Indian Computer Emergency Response Team, or CERT-In, the nodal agency for responding to computer security incidents, had been informed.
“We regularly undertake and continue with various initiatives to strengthen our security and privacy set-up and have also retained external security experts to assist us,” the company spokesperson said.
Commenting on the issue, Shree Parthasarathy, partner and national leader – cyber risk services, Deloitte India, said, this isn’t a one-off incident. “A lot of larger organisations and startups are not investing in building security systems to ensure the security and privacy of data, when it is their fiduciary responsibility to protect user and customer data like personally identifiable information and financial information.”
Separately, on October 20, Santosh Patidar, founder of queue management app DINGG, had posted on professional networking site LinkedIn that, “Personal details of the kids along with their transaction (purchase) details are openly (not so open) available…”
He had tagged WhiteHat Jr and parent Byju’s in the post, suggesting that they check their web logs or message him to help resolve the issue. A few hours later, he updated the post saying the issue had been resolved.
While cloud services have become the norm for enterprises computing needs, moving to cloud without proper precautions can be disastrous for data security, said Sonit Jain, CEO of GajShield Infotech, a data cloud and network security solutions provider.
Jain emphasised that the move to cloud services should be backed by a “strong data security approach with the ability to gain complete visibility on their entire threat surface, including internal threat vectors and the understating of how this data is being handled.”
<\/p><\/body>","next_sibling":[{"msid":79420161,"title":"Freelancers scout for digital payment solutions as gig works rise","entity_type":"ARTICLE","link":"\/news\/freelancers-scout-for-digital-payment-solutions-as-gig-works-rise\/79420161","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[{"msid":"79417052","title":"data security","entity_type":"IMAGES","seopath":"tech\/startups\/whitehat-jr-says-it-has-fixed-a-leak-that-exposed-data-of-2-8-lakh-users\/data-security","category_name":"WhiteHat Jr says it has fixed a leak that exposed data of 2.8 lakh users","synopsis":false,"thumb":"https:\/\/etimg.etb2bimg.com\/thumb\/img-size-474894\/79417052.cms?width=150&height=112","link":"\/image\/tech\/startups\/whitehat-jr-says-it-has-fixed-a-leak-that-exposed-data-of-2-8-lakh-users\/data-security\/79417052"}],"msid":79420175,"entity_type":"ARTICLE","title":"WhiteHat Jr says it has fixed a leak that exposed data of 2.8 lakh users","synopsis":"The exposed data at the online coding platform for school kids included student names, age, gender, images, user IDs, and progress reports","titleseo":"telecomnews\/whitehat-jr-says-it-has-fixed-a-leak-that-exposed-data-of-2-8-lakh-users","status":"ACTIVE","authors":[{"author_name":"Shephali Bhatt","author_link":"\/author\/479230465\/shephali-bhatt","author_image":"https:\/\/etimg.etb2bimg.com\/authorthumb\/479230465.cms?width=100&height=100","author_additional":{"thumbsize":true,"msid":479230465,"author_name":"Shephali Bhatt","author_seo_name":"shephali-bhatt","designation":"Tech & Culture Reporter","agency":false}}],"analytics":{"comments":0,"views":318,"shares":0,"engagementtimems":1590000},"Alttitle":{"minfo":""},"artag":"ET Bureau","artdate":"2020-11-26 08:44:31","lastupd":"2020-11-26 08:44:53","breadcrumbTags":["WhiteHat Jr","data leak","Hacking","Online Education","online coding","Industry"],"secinfo":{"seolocation":"telecomnews\/whitehat-jr-says-it-has-fixed-a-leak-that-exposed-data-of-2-8-lakh-users"}}" data-news_link="//www.iser-br.com/news/whitehat-jr-says-it-has-fixed-a-leak-that-exposed-data-of-2-8-lakh-users/79420175">
评论
现在评论 阅读评论(1)所有评论
找到这个评论进攻?
下面选择你的理由并单击submit按钮。这将提醒我们的版主采取行动