The vogue of data leaks continues as India’s major startup company Zoomcar has received a significant data breach on its server. According to a cybersecurity consultant, it is concluded that personal user credentials of 3.5 million Zoomcar users have been uploaded on the dark web for sale.
Further investigation proved that the harvested data includes names, email ids, passwords credentials, mobile numbers, and IP addresses. The threat actors are selling the harvested user credentials of 9 million Zoomcar users at $300.
“The hacker has been privately selling the data for $300 but now he has made it public on the Dark Web,” said Rajshekhar Rajaharia, the cybersecurity consultant who alerted Zoomcar about the hacker’s plan.
Dark Web is an anonymized part of the internet that ain’t accessible from a normal search engine. Hackers mainly upload the breached data on the dark web because of its anonymity.
Hacker creates a new device that can unlock any luxury car.
It’s been almost a year Since the data breach took place. Just after the breach, hackers denied making the data public because that would be easier for law enforcement officials to track down their internet protocol (IP) addresses. It was very well planned because Trading the harvested data after a year makes it tricky to track the source of the breach.
The company has been doing very well. In fact, in January, Zoomcar raised around $30 million equivalent to Rs 230 crore in a supplementary funding round led by Sony Innovation Fund, the enterprise arm of Japanese electronics giant Sony, as part of its ongoing $100 million Series D round.
What is Zoomcar?
Zoomcar is an Indian self-drive car rental company that provides you with a car on a rental basis. The rental price may range depending upon the car used. The company is headquartered in Bangalore, India. Besides, it was founded in 2013 by David Back and Greg Moran. As of May 2020, the company has expanded itself to 45 cities across the country.
Apart, Zoomcar is a major competitor for other self-drive car rental startups such as Drivezy and Revv.
Precautions taken after data breaches.
Data breaches are eventually inevitable, and if your data is out publicly, what security measures can you take to mitigate the damage? Check out the points below to understand the security measures used right after potential data breaches:
Delete Your Old Accounts: Restricting the exposure of your old user account can definitely be a good idea unless you have backed your important data.
Change Your Passwords: It becomes the topmost priority to change the passwords of your user account. Doing so will protect you from the potential damage that you may suffer in the future.
haveibeenpwned: haveibeenpwned.com is a site that maintains records of all the major data breach occurred across the work. It will let you know if your user credentials are made public on the dark web or its relative derivatives.
Notify Your Bank Accounts: Try contacting your banks and credit card issuers so that you could notify them about your victimization on the data breach. They may assist you in monitoring your account activity.