Search This Blog

Showing posts with label Data Leaked. Show all posts

Furniture Retailer Vhive's Data Breach: Customer Information Leaked Online, Under Investigation

 

The officials are investigating a data breach at local furniture retailer Vhive, which resulted in customer’s personal information such as phone numbers and physical addresses being leaked online. In response to questions from The Straits Times on Saturday, April 3, police confirmed that a report had been filed on the matter.

According to the company, information compromised in the hack includes customers' names, physical and e-mail addresses, and mobile numbers, but it did not include identification numbers or financial information.

In a Facebook post on March 29, Vhive announced that its server was hacked on March 23 and that it was working with police and other relevant agencies, as well as IT forensic investigators, to investigate the breach. 

"All financial records in relation to purchases made with Vhive are held on a separate system which was not hacked," said Vhive. 

"We are truly sorry for the incident and stand ready to assist you if you require immediate help," Vhive told customers. 

According to ST's checks on Saturday afternoon, Vhive's e-mail servers were also compromised. The website only displayed a warning of the cyber attack, while the company's stores on the online shopping platforms Lazada and Shopee were open for business. 

The Altdos hacking group, which operates mainly in Southeast Asia, has claimed responsibility for the breach. In an email to affected customers on Saturday, Altdos said it had hacked into Vhive three times in nine days and claimed to have stolen information of over 300,000 customers as well as nearly 600,000 transaction records. 

The group announced that it will publish 20,000 customer records daily until its demands to Vhive’s management are met. In its Facebook statement, Vhive said it would be closely guided by the forensic investigator and authorities on the steps to protect its systems and ensure that customers can conduct transactions securely. 

In previous hacking incidents, Altdos has stolen customer data from companies, blackmailed the compromised company, leaked the data online if its requirements were not met, and publicized the violations. The cyberattacks were mainly focused on stock exchanges and financial institutions. 

In January, Altdos claimed to have broken into the IT infrastructure of the Bangladeshi conglomerate Beximco Group and stole data from 34 of its databases. 

Last December, it hacked a Thai securities trading firm and posted stolen data online when the firm allegedly failed to confirm her emails and claims.

Zee5 Once Again Caught In Data Breach; Info Of 9 Million Users Exposed

 

Zee5, an Indian Leading giant over-the-top (OTT) platform has witnessed a data breach. According to the information, the data breach has exposed sensitive credentials of the 9 Million customers of the network. Screenshots of the stolen database which were accessed by Inc42 have disclosed that hacked information contained the names of the clients, IP addresses, phone numbers, email addresses, and their usernames of the Zee5 accounts. 

At first, the incident has been reported to the Inc42 by an independent Cybersecurity researcher ‘Rajshekhar Rajaharia’. Additionally, it has also been confirmed that the leaked data of at least a few clients were genuine and that of Zee5 customers. 

An unidentified threat actor had uploaded a sample of the full stolen database that included descriptive information of 1 Million customers of Zee5 on an AnonFiles link. Whilst the leaked data has not directly compromised the accounts of victims, but there's a high likeability in the future that the details of contact that are contained in the database could be used for large-scale phishing attacks and for various scams in cyberattacks such as taking advantage of the stolen database to try to find similarities on other vulnerable platforms. 

A Zee5 spokesperson responded to Inc42, “We have noted some reports claiming about the data breach at Zee5’s end and we are investigating it further. We would like to confirm that all the sensitive information of our subscriber user base has not been compromised and is fully secured.” 

In July 2020, cyber attackers had affirmed to have stolen a 150 GB sized database that they had planned to sell online privately. 

However, at that time, the organization had responded to the public regarding an attack in negative, even though the intelligence warned that the information is being sold on the dark web. 

As of December 2020, the Zee5 had confirmed that the network has a monthly 65.9 Million active users (MAUs) and 5.4 Million daily active users (DAUs). 

Meanwhile, in June 2020, a Sensor Tower had revealed in its report that the Zee5 OTT platform was the ninth most downloaded streaming app worldwide with 4.16 Million downloads in the month of July itself.  Active users are from India, Pakistan, and the United Arab Emirates; they constitute 96% of the userbase for the platform.