SUMMARY
Impact Guru had informed customers about the security incident on May 1
The company has claimed to resolve key vulnerabilities that has lead to attack
The company has over 1 Lakh listings and has raised more than INR 950 Cr
With most businesses and daily activities rapidly moving online, there has been a significant rise in the number of cybersecurity attacks as well. Frequent warnings about crowdfunding and fundraising platforms being attacked have come from experts. Last week, Mumbai-based crowdfunding platform Impact Guru faced a cyberattack as well.
In an email sent to customers on May 1, Impact Guru said the security incident involved unauthorised access to the website. It claimed to have initiated an investigation “immediately” with the assistance of “leading” security experts. It also said that the incident has been reported to the requisite law enforcement agencies in India, including the cybercrime cell.
Impact Guru also noted that it has resolved the key vulnerabilities that led to the breach, on the advice of cybersecurity experts. Besides this, it has assured the customers that the platform is completely safe to transact on, while also warning about fake websites masquerading as Impact Guru and conning contributors.
“Please note that Impact Guru never contacts its customers over phone / SMS / email / WhatsApp to ask for their Debit / Credit Card number, CVV, Password / PIN / OTP…Please also note that ImpactGuru.com does not allow donations to be done through bitcoins or any other cryptocurrency,” Impact Guru cautioned its users, in the email accessed by Inc42.
We reached out to Impact Guru seeking more information such as when the attack took place, how long it was active before the company discovered it, what data was compromised and how many users it affected and whether any donations for Covid-19 were targeted. However, Impact Guru did not respond to any of our queries and did not reveal what steps it has taken to ramp up security and protect user data.
Impact Guru has impacted more than 1 Lakh individuals and organisations listed across 15 countries. It claims to have raised over INR 950 Cr through its platform, inclusive of the fund raised by its global crowdfunding partners. In recent months, crowdfunding platforms have witnessed massive growth in fundraising due to Covid-19. Speaking to Inc42 last month, Impact Guru had highlighted that it raised over INR 11 Cr through 800 active campaigns related to Covid-19. ImpactGuru also received an INR 40 Lakh grant in the form of matching funds from the Action Covid-19 Team (ACT), to scale fundraising across India.
ImpactGuru was founded in July 2014 by Piyush Jain and Khushboo Jain and was incubated at Harvard Innovation Lab in August 2014 and at PACT, Singapore in May 2015. In May 2018, the company secured $2 Mn (INR 13 Cr) in Series A round of funding co-led by Apollo Hospitals Group and Venture Catalysts. Prior to this round, it had secured $500K from Singapore VC, RB Investments and Southeast Asia private fund, Fundnel.
As per data compiled by Inc42 on Covid-19 fundraising last month, Impact Guru was the fourth largest fundraiser, trailing GiveIndia, Ketto and Milaap.
Covid-19 Gives Cyber Criminals New Opening
The attack on Impact Guru comes at a time when hackers and scammers are trying to take advantage of the Covid-19 scare and attack systems that are not adequately protected. Delhi Police’s cybercrime department, in March, had listed 13 dangerous websites exploiting the interest and panic around Covid-19.
Google’s Threat Analysis Group had also recently highlighted that its systems detected 18 Mn malware and phishing Gmail messages per day related to Covid-19, in addition to more than 240 Mn COVID-related daily spam messages. “Our machine learning models have evolved to understand and filter these threats, and we continue to block more than 99.9% of spam, phishing and malware from reaching our users,” the group said.
According to the US Federal Trade Commission, citizens in the US have lost $13.4 Mn due to coronavirus-related fraud since the beginning of the year. The figures were based on 18,235 reports the agency had received since January 1.
Cybersecurity firm Reason Labs had also highlighted that the hackers have developed a fake version of online dashboards which are used to track the coronavirus impact in real-time, through which they are trying to steal personal data of the users, including usernames, password, credit card numbers and other information.
Besides this, cybersecurity firms like Cyfirma and Malwarebytes Labs have independently cautioned the government against the threat on India’s Covid-19 data from Pakistan-sponsored hackers. Meanwhile, the National Technical Research Organisation (NTRO) has highlighted that corporations that have relaxed their geofencing restrictions to allow employees to work from home need to ensure that device and network security is not compromised due to such measures. The government also highlighted solutions that help businesses keep their businesses secure from cyber attacks.
