WhiteHat Jr Exposed Data of Over 2.8 Lakh Students, Teachers Due to Multiple Vulnerabilities: Report

The security researcher who discovered the vulnerabilities within WhiteHat Jr made a disclosure on November 19.

Advertisement
By Jagmeet Singh | Updated: 26 November 2020 00:21 IST
Highlights
  • WhiteHat Jr exposed sensitive data through a misconfigured server
  • The exposed data included details of various minor students
  • WhiteHat Jr was last month found with another security issue
WhiteHat Jr Exposed Data of Over 2.8 Lakh Students, Teachers Due to Multiple Vulnerabilities: Report

WhiteHat Jr acknowledged the flaw and confirmed its fix in a media statement

WhiteHat Jr, a popular online coding platform for young kids, reportedly exposed personal data of over 2.8 lakh students and teachers due to multiple vulnerabilities. The platform said that it had fixed the flaws after it was informed by a security researcher. It also claimed that "no breach of data has happened" due to the loopholes. Just last month, Mumbai-based WhiteHat Jr was found to have another security issue that was also leaking students' personal data and transaction details.

The security researcher who discovered the latest vulnerabilities within WhiteHat Jr made a disclosure to the platform on November 19, The Quint reports. The issues reportedly existed due to a misconfigured backend server that exposed data including student names, age, gender, profile photos, user IDs, parents name, and progress reports. The data is said to have included the details of a large number of minor students.

In addition to the personally identifiable information of several minor students on the platform, the vulnerabilities allowed access to information related to teachers and partners of students. Salary details of WhiteHat Jr employees as well as its internal documents and dozens of recorded videos of online classes being conducted by the platform were also exposed, according to the report.

The researcher reportedly got a response within a day after emailing its Chief Technology Officer Pranab Dash on November 19 and 20.

Advertisement

WhiteHat Jr acknowledged the issues and confirmed to The Quint that it fixed the identified vulnerabilities. However, it didn't provide any clarity on whether the exposed data was compromised until the fixes came in place.

Gadgets 360 reached out to WhiteHat Jr to get a comment on the security issues and clarity on whether any data was compromised.

Advertisement

Update: The company responded to Gadgets 360 to say that it patched specific identified vulnerabilities within 24 hours; and also claimed that no breach of data took place. The full statement is at the end of this article.

Interestingly, the latest vulnerabilities weren't the only ones impacting the security of coding-focussed WhiteHat Jr. Santosh Patidar, founder of queue management app DINGG, last month highlighted a flaw in one of the platform's APIs that was exposing personal data of students alongside transaction details.

Advertisement

Patidar took to LinkedIn to reveal the security flaw within WhiteHat Jr and was reached out by its CTO. He later updated the original LinkedIn post stating, “They have fixed the issue.”

Apart from the security issues, WhiteHat Jr has been facing criticism for allegedly false advertisements that feature young students. The company also recently filed a Rs. 20 crore defamation lawsuit against one of its critics, Pradeep Poonia, who alleged that the platform was not providing quality education to its students.

Founded in November 2018, WhiteHat Jr was acquired by edu-tech unicorn Byju's in August this year for $300 million (roughly Rs. 2,219 crores). The coronavirus pandemic has helped both WhiteHat Jr and Byju's to grow their businesses as people are staying indoors and are looking for online learning platforms for their children.

Update: The full statement from WhiteHat Jr is shown below.

WhiteHatJr takes security and privacy issues very seriously. We are committed to both our customers and to our compliance with applicable laws. Based on information received from responsible disclosures, we reviewed our setup and worked to patch specific identified vulnerabilities within 24 hours. We reiterate that no breach of data has happened in this context on company's computer systems and networks, out of an abundance of caution we are continuing our investigation to ensure that this is the case. We regularly undertake and continue with various initiatives to strengthen our Security and Privacy set-up and have also retained external security experts to assist us.


How are we staying sane during this Coronavirus lockdown? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: WhiteHat Jr, Online Coding
Advertisement

Related Stories

Popular Mobile Brands
  1. Tecno Pova 7 5G, Pova 7 Pro 5G Launched in India: Price, Availability
  2. Here's How Much the Vivo X Fold 5 and Vivo X200 FE Might Cost in India
  3. The Good Wife OTT Release Date: When and Where to Watch it Online?
  4. Apple Plans to Launch M5-Powered MacBook Pro This Year: Report
  5. NxtQuantum Arrives as Made in India Mobile OS, to Debut on Its AI+ Phones
  6. OTT Releases This Week: Kaalidhar Laapata, Thug Life, The Good Wife, and More
  7. iQOO 13 Launched in india in Green Colourway: See Price, Availability
  8. Samsung Galaxy Z Fold 7 Hands-On Images Suggest It Might Sport This Design
  1. Mivi AI Buds TWS Earphones Launched in India With In-Built AI Assistant
  2. Samsung Galaxy Z Fold 7, Galaxy Z Flip 7 First-Party Cases and Screen Protectors Leaked: See Colours
  3. Nvidia Briefly on Track to Become World's Most Valuable Company Ever
  4. iQOO 13 Green Colour Variant Launched in India: Check Price, Availability
  5. Meta Poaches CEO of Ilya Sutskever's Startup in AI Talent War
  6. Google's AI Overviews Hit by EU Antitrust Complaint From Independent Publishers
  7. Baidu’s MuseStreamer AI Video Generation Model Takes on Google’s Veo 3 With Native Audio Support: Report
  8. Chinese Sales of Foreign Phone Makers, Including Apple's iPhone, Drop 9.7 Percent in May
  9. Huawei Watch Fit 4, Watch Fit 4 Pro Launched in India With In-Built GPS, Up to 10 Days of Battery Life
  10. YouTube to Revise Monetisation Policy to Target Mass-Produced and Repetitive Content
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.