A security researcher named Bob Diachenko said Byju's students' sensitive data, including names, email IDs, phone numbers, loan details, and addresses, was exposed due to a misconfigured Apache Kafka server.
According to a TechCrunch report, loan details such as payouts, links to scanned documents, and transactional information related to some students were also exposed. The server is used by edtech giant Byju's to send and receive data in real time.
The researcher said that a number of IP addresses with the misconfigured server allowed anyone to access the queue and read the records without a password.
The researcher later reported the issue to Byju's on August 22. The company acknowledged the issue and soon rectified it. However, it denied any harm to the data and said no sensitive information was exposed or compromised.
"There was a temporary exposure of a small fraction of our systems for a very short duration... no data or information was exposed or compromised during this event," Byju's said.
The company further assured that its systems have been built around safeguarding the privacy and security of the data.
Last week, Byju's laid off more than 100 employees in the mentoring and product expert divisions, which are internally housed under the post-sales department.
Byju's had said that the layoffs are firmly performance-based and are not connected with a cost-cutting measure.