Ed-tech company Vedantu faced a data breach on July 8, exposing the personal data of about 686,899 users. Twitter account Have I Been Pwned, a website which tracks and reports data breaches, first reported this.

What all data was breached? Personal details including users’ email and IP address, names, phone numbers, gender, passwords, spoken languages, time zones, website activity, all of which were stored as bcrypt hashes, were leaked, according to Have I Been Pwned.

Vedantu is aware of the breach: Vedantu was aware of the breach and is in the process of informing its customers, Have I Been Pwned said. Microsoft’s regional director, Troy Hunt, who manages Have I Been Pwned, said on Twitter that Vedantu was also aware that its customers’ data was being exchanged online.

What Vedantu said: Vedantu, however, also said that sensitive details of users were not leaked and since the details were stored in an encrypted format, it wouldn’t be easy to misuse the data, according to the Economic Times. The vulnerability was fixed within a few days, as per the report. The ET report says that the breach took place in the last week of September, but according to HIBP’s website, the date of breach was July 8.