- The online data science learning platform experienced a security incident on February 11th.
- Unknown third-party gained "criminal unauthorized access" to one of its systems.
Popular data science learning site DataCamp suffered a breach on Monday compromising sensitive information of some of its users. The company immediately notified the affected users regarding the incident and has logged out all their accounts as a security measure. It has also reset passwords of these accounts.
Robert Cabral, Director of Customer Support for DataCamp, informed in the security update that, "We are still investigating the precise causes and are retaining a leading digital forensics and security firm to assist us in the work being conducted by our internal security team. We will be notifying the data protection authorities."
DataCamp has also disclosed the details of user data affected in the breach. Personal information included name, email address, optional info such as location, company, biography, education, and a picture of the user. On the account side, bcrypt-hashed passwords, account creation date, last sign in date & sign in IP address were involved.
However, the platform has mentioned that no payment-related information was stolen since they were not stored in their systems.
“Our investigation is ongoing. We will continue to work both internally and with our outside experts to gain a better understanding of what happened and take further action as needed. Our efforts to protect our users and prevent this type of incident from happening in the future are our top priority,” Cabral added.
Finally, it has asked all the users to reset their account passwords immediately for all DataCamp or associated accounts.