Byju’s exposed sensitive student data, including loan details

Byju’s, the edtech giant and India’s most valuable startup, has fixed a server-side misconfiguration that was exposing the sensitive data of its students.
The Indian startup exposed some students’ names, phone numbers, addresses and email IDs. The exposed data also included loan details such as payouts, links to scanned documents and transactional information related to some students.
Security researcher Bob Diachenko found the exposure due to a misconfigured Apache Kafka server used by Byju’s to send and receive data in real-time. Diachenko told TechCrunch that there w

リンク元