Skip to main content

Indian tech startup exposed Byju’s student data

India-based technology startup Salesken.ai has secured an exposed server that was spilling private and sensitive data on one of its customers, Byju’s, an education technology giant and India’s most valuable startup.

The server was left unprotected since at least June 14, according to historical data provided by Shodan, a search engine for exposed devices and databases. Because the server was without a password, anyone could access the data inside. Security researcher Anurag Sen found the exposed server, and asked TechCrunch for help in reporting it to the company.

The server was pulled offline a short time after we contacted Salesken.ai on Tuesday.

Salesken.ai provides customer relationship technology to companies like Byju’s to engage better with customers. The Bengaluru-based startup raised $8 million in Series A funding from Sequoia Capital India in 2020, two years after the company was founded.

Much of the data contained on the exposed server pertained to WhiteHat Jr., an online coding school for students in India and the U.S., which Byju’s bought for $300 million in 2020. Byju’s is currently valued at more than $16 billion after raising $1.5 billion earlier this year.

The server contained the names and classes taken by students and email addresses and phone numbers of parents and teachers. The server also contained other data related to students, such as chat logs between parents — identified by their phone number — and WhiteHat Jr. staff, as well as comments recorded by teachers about their students.

The server also contained copies of emails containing codes to reset user accounts and other internal Salesken.ai data.

Surga Thilakan, co-founder and chief executive at Salesken.ai, told TechCrunch the startup was “evaluating” the security incident but did not dispute what kind of data was found on the exposed server..

“Our assessment suggests the exposed device appears to be a non-production, staging instance of one of our integration services having access to less than 1% of India based end-of-life sales logs for a fortnight,” said Thilakan. “Salesken.ai follows stringent data security norms and is certified under the highest standards of global security and safety. We have, in an abundance of caution, immediately severed access to the cloud device.”

Thilakan did not respond to a follow-up email from TechCrunch asking why real user data was stored in what the company claims is a “non-production, staging” server. The company also would not say if it has logs or any evidence to determine if data was accessed or downloaded as a result of the security lapse.

WhiteHat Jr. spokesperson Sameer Bajaj said the company is “currently communicating with Salesken.ai about the incident and will take appropriate action in accordance with our rigorous security policies.”

 

 



from TechCrunch https://ift.tt/3qCetUP
via IFTTT

Comments

Popular posts from this blog

Apple’s AI Push: Everything We Know About Apple Intelligence So Far

Apple’s WWDC 2025 confirmed what many suspected: Apple is finally making a serious leap into artificial intelligence. Dubbed “Apple Intelligence,” the suite of AI-powered tools, enhancements, and integrations marks the company’s biggest software evolution in a decade. But unlike competitors racing to plug AI into everything, Apple is taking a slower, more deliberate approach — one rooted in privacy, on-device processing, and ecosystem synergy. If you’re wondering what Apple Intelligence actually is, how it works, and what it means for your iPhone, iPad, or Mac, you’re in the right place. This article breaks it all down.   What Is Apple Intelligence? Let’s get the terminology clear first. Apple Intelligence isn’t a product — it’s a platform. It’s not just a chatbot. It’s a system-wide integration of generative AI, machine learning, and personal context awareness, embedded across Apple’s OS platforms. Think of it as a foundational AI layer stitched into iOS 18, iPadOS 18, and m...

The Silent Revolution of On-Device AI: Why the Cloud Is No Longer King

Introduction For years, artificial intelligence has meant one thing: the cloud. Whether you’re asking ChatGPT a question, editing a photo with AI tools, or getting recommendations on Netflix — those decisions happen on distant servers, not your device. But that’s changing. Thanks to major advances in silicon, model compression, and memory architecture, AI is quietly migrating from giant data centres to the palm of your hand. Your phone, your laptop, your smartwatch — all are becoming AI engines in their own right. It’s a shift that redefines not just how AI works, but who controls it, how private it is, and what it can do for you. This article explores the rise of on-device AI — how it works, why it matters, and why the cloud’s days as the centre of the AI universe might be numbered. What Is On-Device AI? On-device AI refers to machine learning models that run locally on your smartphone, tablet, laptop, or edge device — without needing constant access to the cloud. In practi...

Max Q: Psyche(d)

In this issue: SpaceX launches NASA asteroid mission, news from Relativity Space and more. © 2023 TechCrunch. All rights reserved. For personal use only. from TechCrunch https://ift.tt/h6Kjrde via IFTTT