Guidely Data Breach

🏢 About Guidely.in

Guidely.in (formerly IBPSGuide) is an Indian ed-tech platform based in Erode, Tamil Nadu, focused on competitive exam preparation.

The platform provides learning resources and test preparation content for:

• Banking exams
  
• SSC exams
  
• Insurance exams
  
• Railway recruitment exams
  

As with many education platforms, user accounts typically contain personally identifiable information tied to students and aspirants.

🔍 What Happened?

A threat actor using the alias “BigBrother” posted a listing claiming to possess a database linked to Guidely.in.

According to the post:

• The dataset allegedly contains 1.5 million rows of PII
• The database format is described as CSV
• The data is being offered for sale for cryptocurrency

At the time of writing, there is no official confirmation from Guidely.in regarding the authenticity of the claims.

📸 What the Sample Data Appears to Show

The screenshots shared with the listing display tabular user information that appears to include:

• Full names
  
• Email addresses
  
• Mobile numbers
  
• Account type
  
• Gender
  
• Date of birth
  
• Signup method
  
• Location-related information
  

The dataset also appears to contain partially obscured or hashed credential-related fields.

Several rows reference account types such as:

• Student
  
• Staff
  

The signup source shown in the sample includes:

• Email signup
  
• Google authentication
  

⚠️ Why This Matters

While this may appear to be a standard user database leak, educational platforms often collect long-term identity-linked information tied to career preparation and student activity.

The combination of:

• Phone numbers
  
• Email addresses
  
• Demographic data
  
• Account metadata
  

can create significant phishing and impersonation risks.

🎯 Additional Concern: Student-Focused Targeting

Education-related leaks are particularly attractive to attackers because students and exam aspirants are commonly targeted through:

• Fake recruitment scams
  
• Scholarship fraud
  
• Coaching/payment scams
  
• Credential harvesting attacks
  

A leaked dataset containing real student details can make those attacks far more convincing.

📊 Quick Breakdown

• Organization: Guidely.in
  
• Sector: Ed-Tech / Education
  
• Incident Type: Alleged database sale
  
• Threat Actor: BigBrother
  
• Date Observed: May 2026
  
• Severity: High
  

📂 Data Allegedly Exposed

• Names
  
• Email addresses
  
• Mobile numbers
  
• Account type
  
• Gender
  
• Date of birth
  
• Signup metadata
  
• Location-related fields
  
• Hashed credential-related data
  

📦 Claimed Dataset Size

• ~1.5 million records
  

⚠️ Potential Risks

If authentic, the data could be used for:

📧 Phishing & Scam Campaigns

• Fake exam/recruitment notifications
  
• Credential theft attempts
  
• Impersonation of educational services
  

👤 Identity Profiling

• Mapping student demographics
  
• Account correlation across platforms
  

🔐 Credential Risks

• Abuse of reused passwords if hashes are weak or cracked
  

🛡️ Recommended Precautions

Users of educational platforms should:

• Avoid reusing passwords across services
  
• Be cautious of exam/job-related messages
  
• Verify links before logging in
  
• Watch for suspicious calls or payment requests
  

🧠 A Bigger Observation

Ed-tech platforms increasingly hold large amounts of sensitive user data, but they are not always discussed with the same urgency as financial or healthcare systems.

Yet many of these platforms store enough information to build detailed personal profiles of students and aspirants.

📌 Final Thoughts

At this stage, the claims remain unverified.

However, datasets involving students and educational users can carry long-term risks because the exposed information often remains relevant for years.

And in many cases, attackers are not just targeting accounts — they are targeting trust, ambition, and opportunity.