At the end of last week "Businessman", With reference to the Telegram channel In4security, reported that in mid-June 2020 on the darknet for sale put up a database of online English language school Skyeng, with 5,000,000 lines.
According to the publication, the database contains information about teachers, students and all employees of the company, including phones, email addresses and identifiers in Skype. At the same time, journalists contacted some users whose data appeared in the free “sampler” of the database and confirmed the authenticity of the published information.
Head of DeviceLock Ashot Hovhannisyan clarifies in his Telegram channelthat a sample from this database (270,000 rows) containing only the data of Russian customers is estimated by attackers at 40,000 rubles, while the entire database costs about 80,000 rubles.
Journalists and researchers note that, judging by the format of the samples provided by the seller, the database leaked from the MongoDB server. Presumably, the server might have been poorly protected or even left open, which, unfortunately, is very common, although experts from Rostelecom Solar and Infosecurity a Softline Company also stated the theory that the insider might have stolen the database (in order to sell to competitors or hackers )
Skyeng did not confirm the fact of a leak or hacking. The managing partner of the platform, Alexander Laryanovsky, told Kommersant that there is no reason to believe that this base is related to Skyeng.
Also on "Habré" the company representative approvesthat Skyeng does not use MongoDB at all and also denies that the database belongs to an online school. The employee data appearing in the dump allegedly could be added there specifically to give the database credibility. “For now, we assume that some third-party base has been enriched with several thousand lines about Skyeng,” he writes.