Dark Web News Analysis: 11 Million User Records from Rizee on Sale
A massive 5.67 GB database dump, allegedly from the Indian exam preparation platform Rizee, is being offered for sale on a hacker forum. The breach is exceptionally severe, containing the records of over 11 million users and including not just personal data but also internal system API keys. A compromise of this scale at an educational technology platform puts a huge number of students at risk. The leaked data is a comprehensive snapshot of the platform’s users and operations, reportedly including:
- User Profiles (11+ Million): Logins (usernames), hashed passwords, email addresses, phone numbers, and full names.
- Student Analytics Data: Logs of student sessions, exam interactions, and sensitive academic performance metrics.
- Internal System Data: Complete forum data and database dumps that include internal API keys.
Key Cybersecurity Insights
The inclusion of internal API keys and sensitive student performance data elevates this from a standard data breach to a critical event for both infrastructure and privacy.
- Exposed API Keys Could Lead to Total Platform Compromise: API keys are essentially passwords that allow applications to communicate with each other. If the leaked keys grant administrative or high-level access to Rizee’s backend systems or third-party cloud services, an attacker could potentially take over parts of their infrastructure, steal even more data, disrupt the entire service, or manipulate data.
- Student Performance Data Enables Highly Manipulative Scams: The leak of student performance metrics and exam interactions is a severe breach of privacy. Attackers can use this highly personal data to craft targeted and manipulative scams. For example, they could prey on students who are struggling academically by offering fraudulent tutoring services, or attempt to blackmail high-performing students.
- 11 Million Credentials Fuel a Massive Credential Stuffing Wave: A list of 11 million user profiles with emails and hashed passwords is a huge asset for criminals. They will immediately begin cracking the weaker passwords and using the successful email-password combinations in automated “credential stuffing” attacks against other educational platforms, social media, and financial sites.
Critical Mitigation Strategies
Rizee must take immediate and drastic action to contain this breach, while its massive user base must act to protect their accounts across the internet.
- For Rizee: Immediately Rotate All API Keys and Invalidate Passwords: These are the most urgent technical actions. Rizee must immediately revoke and rotate every single API key found in the leak to prevent infrastructure compromise. Simultaneously, they must force a password reset for all 11 million users and upgrade their password hashing algorithm to a modern, salted standard.
- For Rizee: Launch a Full Incident Response and Security Audit: Rizee needs to conduct a full forensic investigation to understand how its databases and API keys were exfiltrated. A thorough security audit of their entire application and cloud infrastructure is necessary to close the vulnerabilities that led to this catastrophic breach.
- For Rizee Users (Students): Change All Reused Passwords and Be Wary of Scams: This is the most critical advice for the millions of victims. All students must change their Rizee password and, more importantly, the password on any other online account where that password was reused. They must be on high alert for personalized scams related to their exam performance or academic needs.
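The forced reset and hashing upgrade recommended for Rizee above can be sketched as follows. This is an added example, not Rizee's or Brinztech's code: the record layout, function names, scrypt parameters and sample accounts are all assumptions, and the page does not say which hash scheme the leaked passwords used.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters: assumed values for this example, tune for your hardware.
SCRYPT = {"n": 2**14, "r": 8, "p": 1, "dklen": 32}


def hash_password(password: str) -> dict:
    """Build a record with a fresh per-user salt and a scrypt-derived hash."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return {"scheme": "scrypt", "salt": salt, "hash": digest, "must_reset": False}


def invalidate_all(users: dict) -> int:
    """Breach response: discard every stored hash so leaked credentials stop working."""
    for record in users.values():
        record.update(scheme=None, salt=None, hash=None, must_reset=True)
    return len(users)


def login(users: dict, name: str, password: str) -> str:
    """Return 'ok', 'denied' or 'reset_required'."""
    record = users.get(name)
    if record is None:
        # A production service would answer unknown accounts the same way as
        # known ones to avoid revealing which usernames exist.
        return "denied"
    if record["must_reset"] or record["scheme"] != "scrypt":
        return "reset_required"  # legacy or invalidated hashes are never accepted
    candidate = hashlib.scrypt(password.encode(), salt=record["salt"], **SCRYPT)
    return "ok" if hmac.compare_digest(candidate, record["hash"]) else "denied"


def complete_reset(users: dict, name: str, new_password: str) -> None:
    """Store the new password; call only after an out-of-band check (not shown)."""
    if name not in users:
        raise KeyError(name)
    users[name] = hash_password(new_password)


def sample_users() -> dict:
    """Constructed sample data: two accounts still on a legacy hash scheme."""
    legacy = {"scheme": "legacy", "salt": None, "must_reset": False}
    return {"student1": dict(legacy, hash=b"constructed-1"),
            "student2": dict(legacy, hash=b"constructed-2")}
```

Because every record gets its own random salt, two users who choose the same password end up with different stored hashes, which prevents an attacker from cracking many accounts with one precomputed table.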
Secure Your Organization with Brinztech
As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. For general inquiries or to report this post, please email us: contact@brinztech.com