[BreachExchange] Indian property site hack leads to 2 million users’ data exposed

Destry Winant destry at riskbasedsecurity.com
Wed Mar 25 10:16:55 EDT 2020


https://www.hindustantimes.com/tech/indian-property-site-hack-leads-to-2-million-users-data-exposed/story-kcegLy2maaQYM0uvSU5gcJ.html

Private data of more than 2 million users were shared on a hacking
forum following a major security breach of the Indian property website
PropTiger in 2018.

According to a new Have I been pwned alert, the exposed data contains
both user records and login histories with more than 2 million unique
customer email addresses. The data that was exposed on the hacking
forum also included personal information such as IP addresses,
password stored as MD5 hashes, dates of birth, and names among others.

Black_Hat_India at black_hat_india

New breach: PropTiger had a 2018 database file exposed and shared on a
popular hacking forum last month. Exposed data included user records
and login histories containing over 2M unique email addresses. 69%
were already in @haveibeenpwned #breach

2
3:05 AM - Mar 24, 2020
Twitter Ads info and privacy

See Black_Hat_India's other Tweets

Simon Foster at funkysi1701

#RT @haveibeenpwned: New breach: PropTiger had a 2018 database file
exposed and shared on a popular hacking forum last month. Exposed data
included user records and login histories containing over 2M unique
email addresses. 69% were already in @haveibeen…
https://haveibeenpwned.com/

3:28 AM - Mar 24, 2020
Twitter Ads info and privacy

See Simon Foster's other Tweets


Cyber Security Bot at cybsecbot

New #databreach detected: #PropTiger Breach date: 30 January 2018 Date
added to HIBP: 24 March 2020 Compromised accounts: 2,156,921

4:00 AM - Mar 24, 2020
Twitter Ads info and privacy

See Cyber Security Bot's other Tweets

“In January 2018, the Indian property website PropTiger suffered a
data breach which resulted in a 3.46GB database file being exposed and
subsequently shared extensively on a popular hacking forum 2 years
later,” said an email alert sent to users affected by the breach.

“PropTiger advised they believe the usability of the data is “limited”
due to how certain data attributes were generated and stored,” it
added.

According the security alert, 2,156,921 users affected by the security breach.

Based on Gurgaon, Haryana, PropTiger is an independent real estate
advisor with a pan-India presence, according to Crunchbase. The
platform says it has more than 500 relation managers spread across the
country.


More information about the BreachExchange mailing list