Data of 2.8 Lakh Students, Parents and Teachers of WhiteHat Jr Exposed: Expert

New Delhi: After facing huge criticism for its advertisements, BYJU’S-owned online coding platform WhiteHat Jr is again facing flak. This time for not securing data of close to 2.8 lakh students and teachers enrolled with the company. The data included their personal details, including their photographs.

A report in The Quint said that online coding platform for children was found to have left this data0 exposed till mid-November through multiple vulnerabilities. However, WhiteHat Jr has fixed these vulnerabilities after it was notified to them.

The report said that WhiteHat Jr had left its backend server open that allowed access to a variety of plaintext data, including student names, age, gender, images, user IDs, parents name, and progress reports to outsiders. The420.in could not independently verify the claim.

The nature of data leak can be gauged with the fact that unsecured served had also exposed personally identifiable information (PII) of minors, their parents and teachers along with the salary documents of the company, internal company documents and dozens of recorded videos of classes being conducted.

WhiteHat Jr told the Quint, “Based on the information received from responsible disclosures made to WhiteHatJr about possible security vulnerabilities, we reviewed our setup and patched the identified vulnerabilities… We always strive to improve our customer experience and performance of the application, and to support this we use various industry-validated tools and software.”

WhiteHat Jr was founded in 2018 by Karan Bajaj as an educational technology platform meant to teach coding to children between the ages of six and 18. The company was acquired by Byju’s in August for a reported sum of $300 million.