[BreachExchange] Zee5 may have leaked data of 9 million users - Not for the first time

Destry Winant destry at riskbasedsecurity.com
Thu Mar 4 10:59:17 EST 2021 

https://www.techradar.com/in/news/zee5-may-have-leaked-data-of-9-million-users-not-for-the-first-time

Not for the first time, the popular Indian OTT platform Zee5 has had a
data breach. And again, not for the first time, it is just shrugging
its shoulders, saying that the report is not true.

The previous reported data leaks were in May and June 2020.

The  latest data leak discovery came from an independent internet
security researcher who put out a tweet on the same.

On February 27, his tweet said: "9 Million users data alleged leaked
from #Zee5 again!! It seems latest data leak on 23rd Feb 2021. I sure
no one is going to take responsibility for this too. Now we can say
that there is no value of our personal and financial data. Risk is
ours."

Zee, as ever, seems unconcerned

During the previous alleged data breaches, the Zee group kept denying
the claims and said, "all the sensitive information that can cause
harm is solely rested with the top payment gateways that Zee5
integrates and is fully secured."

This time around the Zee group merely said that it would look into the
report, and also suggested to the researcher that he remove his tweet.

"Our viewers' privacy is our top priority and we'll surely look into
it. Kindly avoid posting such details on a public platform. Please
consider deleting the same & send us a direct message with all the
details. We’ll look into the issue," the Zee response on Twitter read.

Of course, the internet security researcher had not put out any
incriminating or sensitive detail. He was merely informing on his
Twitter timeline the details of the breach. So, for Zee to ask him to
delete the post is irresponsible and insensitive.

The previous breaches at Zee5

Zee5 had a data breach back in June 2020, resulting in the stealing of
150GB of data. Zee5 had also suffered from another leak in May 2020,
which reportedly compromised the details of 1,023 premium accounts.

In all the three cases, Zee5 has not informed the users, something
which most companies generally do.

Internet security analysts allege that this is unbecoming of a company
to put its users under risk by possible exposing their details to
scamsters on the web and also remain silent about it.

As of December 2020, Zee5 is said to have had 65.9 million monthly
active users (MAUs) and 5.4 million daily active users (DAUs).

More information about the BreachExchange mailing list