The hacker group ‘Shinyhunters’ has taken the digital world by shock again. Earlier this month, ‘Shinyhunters’ had hacked and leaked debit and credit card details of users of a digital payments handling firm – JusPay on the Dark web. Now the digital platform of three Indian firms – ClickIndia (an e-marketplace), Chqbook (a fintech startup for small business owners), and WedMeGood (a wedding planning website) has been hacked. More than 1.13 crore user data has been put up for sale on the dark web for about $10,000 in Bitcoin.
Rajshekhar Rajaharia, an independent CyberSecurity Researcher, who cracked down the hacking of JusPay by the ShinyHunters informed that name, email, mobile number and other personal details of around 80 lakh users of ClickIndia, 10 lakh users of ChqBook, and 13 lakh users of WedMeGood have been compromised with.
The incident was first reported on a digital platform, Bleeping Computer which stated that a whopping 26 companies have their user data being sold on the dark web by a data breach broker. According to Rajaharia, the hacker group is the same which leaked BigBasket data, previously reported by the cybersecurity firm Cyble. He added that there is a strong connection between these recent data leaks along with BigBasket.
Previously, in November, India’s popular online grocery store BigBasket reported that about 20 million of its user data was leaked online and was being sold for $40,000 on the dark web. The portal of Juspay, which has big clients like Amazon, was accessed by the hacker group and card details were sold online. Initially, the company denied all these allegations and quoted that its Secure Data Store which contains the card details of its users was never breached and hence all the data is still safe. However, earlier this week the company admitted that around 3.5 crore data with masked card data and fingerprints were hacked. The company has now roped in Verizon Business and PriceWaterhouseCoopers (PwC) to undertake an independent forensic audit into the cyber-attack and a review of protocols, policies, and technologies.
The fintech startup ChqBook has denied the hacking incident while the other two companies are yet to react to the claim. Sonit Jain, CEO of GajShield Infotech said that incidents like these leave a negative impression on the digital payment platform and affect the entrustment of its users. He stated that while simple data like email ID and phone number may not look sensitive, it can prove to be lethal means of financial fraud at a personal level if it reaches the wrong hands.
At a time when India Inc’s work culture is increasingly shifting towards work-from-home, cybersecurity experts reckon it could lead to a rise in hacking incidents and data security breaches. Data is the new oil of the digital economy and cybercriminals are capitalizing on the shifting economic trend. In fact, offers to sell hacked data of the corporate world on the dark web rose by 62% in the first quarter of 2020 and as many as 8.1% of the companies hacked around the world in the last year were Indian!
