Personal Data of 3.5M Zoomcar Users Up for Sale on the Dark Web

Indian car rental platform Zoomcar has become the latest victim of data theft, affecting roughly 3.5 million of its users. According to Rajshekhar Rajaharia, the security consultant who discovered the hack, personal data of the impacted users has been up for sale on the dark web since Thursday.

“I found this data on the dark web while researching. About 91 Lakh user data is up for sale and 36 Lakh is public on the dark web,” Rajaharia revealed.

According to his report, the anonymous hacker behind the leak claimed to have accessed Zoomcar’s database in 2018 and has been selling the stolen data privately until now.

“Selling stolen data immediately makes it easier for authorities to track them, so to be on the safe side, the threat actors took some time,” the researcher explained.

Among the details included in the breach are customers’ names, emails, passwords, mobile numbers, and IP addresses.

From what Rajaharia observed, the hacker is selling a database containing info of 36 Lakh users for $1 to $2 only, while the complete database of 9 million Zoomcar users is available at $300.

Moreover, he added that cybercriminals are currently trying to decrypt the hashed passwords available in the database, which could put users at greater risk.

“The hackers are working on decrypting the passwords available in this public database and this could result in hacking of user accounts,” he explained.

Zoomcar, however, called the report untrue, saying that the company has “a high privacy bar with strict data protection standards.”

“The assertion pertaining to a breach of Zoomcar user’s password data is patently untrue,” said Zoomcar Co-founder and CEO Greg Moran. “All Zoomcar data, including user passwords, is encrypted with strong algorithms that make it impossible for anyone to access.

“Moreover, we have a strict password rotation policy across all our assets along with a robust Akamai security layer. Furthermore, Zoomcar routinely works with external security auditors (including Big 4 audit firms) to ensure our systems & processes remain robust and best-in-class at all times,” he added.

Founded in 2012, Zoomcar works as a popular self-drive car rental platform. To date, the startup operates in more than 45 cities and claims to serve over three thousand customers daily. It is currently up against other self-drive car rental startups, such as Drivezy and Revv.
