[BreachExchange] EarlySalary says data of 20k stolen

Destry Winant destry at riskbasedsecurity.com
Fri Oct 5 18:56:07 EDT 2018


BENGALURU: Pune-based instant digital-lending startup EarlySalary
faced a cyber attack which compromised about 20,000 of its applicants’
data, the company said in a statement.

Having received a ransom demand from the hackers, the startup said it
addressed the issue and subsequently plugged the vulnerability before
reporting the incident to security agencies. In a note shared on its
website, the company said that names, few personal details and mobile
numbers of prospective customers of EarlSalary were leaked.

“This happened in one of our older landing pages for prospective
customers who applied for a loan to us, they would fill up a form with
some personal details, employment status and mobile number for us to
call them back,” said Akshay Mehrotra, cofounder of EarlySalary. “Our
borrower data around bank accounts, bureau scores and others are safe
and all our other systems stand secured.”

He said that the affected data was only meant for the company’s call
centre to call back the customer. Further, the company claimed to have
done a vulnerability test on its systems to ensure that all data is

EarlySalary is a digital lending platform which gives short duration
instant credit to retail customers which they usually pay back over
the next few days mainly after the next month’s salary arrives.

More information about the BreachExchange mailing list