[BreachExchange] Zoomcar Data Hacked; 3.5 Million Users’ Details Sold On Dark Web

Destry Winant destry at riskbasedsecurity.com
Wed May 27 10:24:54 EDT 2020 

https://www.gizbot.com/news/zoomcar-data-hacked-3-5-million-user-information-for-sale-067873.html

Popular car rental platform Zoomcar is the latest victim of hacking
and data theft. Personal data of roughly 3.5 million Zoomcar users is
up for sale on the dark web since Thursday. Personal data here
includes usernames, email ids, mobile numbers, passwords, and IP
addresses.

 Zoomcar Data Hack

 The report comes from Rajshekhar Rajaharia, the cybersecurity
consultant, who noted that he found the data on the dark web while
researching. What's more, the hacker is willing to sell back the
hacked data for $300.

Zoomcar has been having a steady growth rate and competes with other
self-drive car rental startups like Crivezy and Revv. More recently,
Zoomcar raised $30 million in fresh funding led by Sony Innovation
Fund, the venture arm of Japanese electronics giant Sony. "The hacker
has been privately selling the data for $300 but now he has made it
public on the Dark Web," Rajaharia said, reports Economic Times.

Furthermore, the hacker notes that the data breach took place back in
July 2018. It comes as no surprise that the hacker has put up the
stolen data for sale two years after the breach. Rajaharia explains
that hackers generally wait to sell the data to avoid getting caught
by officials who track their IP addresses.

Data Hacks Not A Surprise Anymore

This isn't the first time a platform's user database was put up on
sale on the dark web. For those unaware, the dark web is part of the
cyberspace and a subset of the deep web that is intentionally hidden
and requires a special type of browser, software, and configuration to
access it.

Not surprisingly, a lot of hacked materials are up for sale here,
mostly by hackers and those with malicious intent. More recently,
Disney+ account holders' usernames and passwords went up for sale on
the dark web, just a few days after its launch. More recently, the
Indian education platform Unacademy database of 22 million users was
hacked and sold on the dark web.

Currently, Zoomcar hasn't responded to comment on the issue. Users are
advised to change their username and password; and also keep different
user ids and passwords for every platform.

More information about the BreachExchange mailing list