- ZoomCar is India’s prominent self-drive car rental company, The company was founded in 2013 by David Back and Greg Moran.
- An anonymous hacker claims to have breached the database back in 2018.
- 9.1 Mn user’s database is being sold for $300 on the dark web.
Currently, an independent security researcher discovers the 9.1 mn user’s data of Indian startup ZoomCar is available for sale on the dark and being sold for 300$.
Hacker claims that the data of ZoomCar have breached in 2018 and now made it available for sale. The hacked data contain sensitive information to the user’s which include the name, email, phone number, IP address, and encrypted password.
Security researcher Rajshekhar Rajaharia told Inc42, “The hackers are working on decrypting the passwords available in this public database and this could result in hacking of user accounts.”
The researcher added the company should immediately inform their users about the vulnerability and ask them to change the password.
In response to an Inc42 query, a Zoomcar spokesperson said, “Zoomcar has a high privacy bar with strict data protection standards. Our customers’ data is absolutely secure.”
The database of 36 lakh users is available for sale in 2-3$, whereas the entire database of 91 mn users for being sold for 300$ (INR 22K) on the dark web.
Rise In Data breach On Indian Startups
Continuously, an Increase in data breaches on Indian startups is a concern for the entire startup ecosystem. Recently the Gurugram based startup Skolaro exposed the database of 50k users of their platform which includes the data of 100 Indian startups students with their parents as well as teachers due to unsecured data server.
Data breaches case largely increase in India in recent years. According to the MeitY India notice 3.9 Lakhs instance of data breaches in the year 2019. The MeitY minister has earlier noted in a Lok Sabha session that 49.4K, 50K, 53K, 208K, and 394K cybersecurity incidents were reported in the year 2015, 2016, 2017, 2018 and 2019 respectively.