Furniture and motorbike renting marketplace Rentomojo on April 20 reported a data breach that will likely compromise the sensitive information of over one lakh customers.
In an email to the company's subscribers, the Bengaluru-based startup’s CEO and co-founder, Geetansh Bamania, said the company was weighing all options, including legal routes to minimise the impact of the breach.
“It appears that the attackers were able to get unauthorised access to our customer data, including in some cases personally identifiable information by exploiting the cloud misconfiguration through extremely sophisticated attacks, thus breaching one of our databases. We assure you that this has no impact on any financial information like credit cards, debit cards or UPI as we never store them in our database,” Bamania said in his email to customers, a copy of which Moneycontrol has reviewed.
Several customers took to Twitter to say that hacker groups have emailed them and demanded a ransom. Failing to meet their demands would mean customers’ sensitive data would be made public.
“Rentomojo’s data breach has led to the exposure of my confidential information. Hackers are now blackmailing to release my personal data. This is a serious breach of privacy and security,” a user wrote on Twitter.
ShinyHunters is one such hacker group sending out emails to Rentmojo’s users, screenshots from Twitter showed.
“We have also downloaded terabytes of KYC including bank documents, passports, ID cards, driver's licenses, etc. Nonetheless, it seems that RentoMojo is unwilling to pay a penny and would rather we share your data publicly given the lack of response on their end,” ShinyHunters wrote in its email to Rentomojo's customers.
Bamania said the company is now implementing multi-factor authentication (MFA) for additional layers of protection, a practice that has been commonly followed by companies for several years now. A review of all the third-party and open-source plugins and integrations, security audits, and vulnerability assessments are some of the other measures the company said it is taking.
In response to Moneycontrol's queries, Bamania confirmed the developments and said that the company has reported the incident to the authorities concerned and is cooperating with the ongoing investigation.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
