In this article

    No Data Was Compromised

    Most importantly, none of your user data was compromised or made publicly available by any third party. This means that you do not need to do anything, and this post is just for your information as we take data security extremely seriously.

    Free access to education for everyone!

    We know education has the power to change the world. That’s why we provide a free all-in-one learning app to help you on your learning journey.

    Get started now

    What Happened?

    On the 16th of November 2021, a faulty version of our StudySmarter learning software was rolled out to our users. It disabled a built-in security feature that prevents users from accessing data they should not have access to.

    A week later, on 22 November, a security researcher from the German collective Zerforschung found the security flaw and conducted a test to see if they could access the data of multiple users. The researcher notified us on 24 November. Thanks to our existing security protocols, we could fix the issue just 41 minutes after receiving the message.

    After this fix, we investigated which users were affected by the breach and if any of the data was compromised. Fortunately, it turned out that only the researcher used the data leak and no data was compromised. After talking to Zerforschung, they assured us that all users’ data has already been deleted and cannot be used for nefarious purposes.

    What Does This Mean for You?

    Fortunately, not that much 😁. None of your data has been compromised or made available to the public. Nevertheless, we think it is essential to be transparent about this incident. There is no action you need to take.

    What Does This Mean for Us?

    The security of your data is our main concern. You trust us with your study process and your materials, and we don’t take this responsibility lightly. That’s why we have always put a strong emphasis on data security at StudySmarter. For instance, just one month before the issue, we completed a thorough penetration test of our whole application.

    However, in light of this development, we are taking the following additional steps to ensure this will never happen again and that your data remains safe:

    • From now on, we will run monthly pentests. By collaborating with external agencies, we can ensure that we are able to identify and fix any security issues before any third party notices them.
    • We will introduce a StudySmarter bug-bounty program, paying rewards to any individuals identifying security shortfalls in our application. This allows us to involve our users (like you) in guaranteeing the security of StudySmarter.
    • We have already introduced new development processes, like additional review loops for security-critical code, and expanded our automatic testing to all areas of permission management.

    As a result, we have an even higher standard of security to ensure that this never happens again.

    Thank you for your trust, and we wish you great success in your future exams!

    Your StudySmarter Team

    How we ensure our content is accurate and trustworthy?

    At StudySmarter, we have created a learning platform that serves millions of students. Meet the people who work hard to deliver fact based content as well as making sure it is verified.

    Content Quality Monitored by:
    Gabriel Freitas Avatar
    Gabriel Freitas

    AI Engineer

    Gabriel Freitas is an AI Engineer with a solid experience in software development, machine learning algorithms, and generative AI, including large language models’ (LLMs) applications. Graduated in Electrical Engineering at the University of São Paulo, he is currently pursuing an MSc in Computer Engineering at the University of Campinas, specializing in machine learning topics. Gabriel has a strong background in software engineering and has worked on projects involving computer vision, embedded AI, and LLM applications.

    Get to know Gabriel