WhiteHat Jr bug makes data vulnerable but adamant of no breaching, fixed in 24 hours

Indian ed-tech startup WhiteHat Jr found itself amidst controversies due to a bug in its system, which made the data of 2.8 lakh students vulnerable.

On November 25, a security researcher reported the bug to WhiteHat Jr said, “According to what I found out the personal data of over 2.80 lakh students including names of their parents were lying exposed due to a vulnerability on the company’s server-side.”


On November 19, the researcher had pointed out the vulnerability, and all vulnerabilities were fixed within a day. The company said, “WhiteHat Jr takes security and privacy issues very seriously, we are committed to both our customers and to our compliance with applicable laws. Based on information received from responsible disclosures, we reviewed our setup and worked to patch specifically identified vulnerabilities within 24 hours.”

WhiteHat Jr reiterated that there was no data leak.

The company said, “We reiterate that no breach of data has happened in this context on company’s computer system and networks, out of an abundance of caution we are continuing our investigation to ensure that this is the case. We regularly undertake and continue with various initiatives to strengthen our Security and Privacy set-up and have also retained external security experts to assists us.”

Recently, WhiteHat Jr has been in news, it slapped defamation suits against its two biggest critics on social media – Dr Aniruddha Malpani and Pradeep Poonia. The matter is currently in court.