B2B Marketplace Bizongo Fixes Leak That Exposed 2.5 Mn Customer Files

B2B Marketplace Bizongo Fixes Leak That Exposed 2.5 Mn Customer Files

SUMMARY

The company confirmed that it received alerts from AWS about a leak in December 2020

Bizongo said it secured access to the server within a few hours after the notification of the leak

The exposed data reportedly included names, addresses, and phone numbers of the business customers

The cybersecurity vulnerability within the Indian tech ecosystem is growing wider and more apparent by the day, with another report of data leak surfacing this week. This time it’s Mumbai-based Bizongo, a business-to-business (B2B) packaging marketplace that suffered a data leak exposing 2.5 Mn files pertaining to its customers. 

While the vulnerability was fixed soon after the discovery in December 2020, it raises the question of whether Indian startups need to reassess their approach towards data security. 

Bizongo confirmed the presence of an unsecured database which means it was open for access by third-parties. The company said that it received alerts from AWS about a leak through their S3 buckets about four months ago in December 2020 after which it secured access to the server within a few hours. 

Bizongo said that web development firm Website Planet had access to the company’s data when it was open. Website Planet had alerted Bizongo about the vulnerability and worked with the company to fix the issue. However, the company did not reveal whether the data was accessed by other unauthorised third parties

The exposed data is said to include names, addresses, and phone numbers of Bizongo’s business customers, including but not limited to Flipkart, Swiggy, Curefit, Reliance Retail, Delhivery, Box8, Bunge, Saso, Jodhpur, Neolite, Snapdeal, Carnival Group and others, as per Website Planet.

“Website planet, a security blog has reported having access to our S3 buckets when it was open. They have indicated that their goal is only to secure access to customer’s data and are working with us to help resolve the issue,Vinothkumar Srinivasan, VP, engineering & product at Bizongo, told Inc42.

“We take data security very seriously and implement best security practices to keep ours and our customer data secure. We have taken strong measures to prevent such accidental misconfiguration from happening in future,” Srinivasan added.

The five-year-old startup offers packaging supplies for ecommerce, retail, restaurant and hospitality, FMCG, industrial logistics sectors. The company claims to have over 350 clients including many leading brands. On being asked if the impacted customers were informed about the leak, Srinivasan said,We send regular audit reports and any security risks of the data to our customers.

According to Website Planet, there were a total of 2.5 Mn files that were exposed due to the misconfiguration, which amounted to 643 GB of data. 

“With clear examples of branded shipping labels and customer receipts, it was very straightforward to locate the owner of the remaining database,” Website Planet wrote in a blog post, adding, “All of the exposed data were accurately identified with data from real individuals.”

Poor State Of Cybersecurity In Indian Startups

The data leak is just the latest to come to light among the many similar incidents that have seized the headlines and attention of the public in recent months. Recently, Moneycontrol faced a data breach of over 7 lakh users, which was allegedly put on the dark web for sale for $350. 

Last week, online discount broking platform Upstox suffered a data breach that allegedly affected 2.5 Mn users

Earlier, fintech startup Mobikwik denied claims about a data breach impacting 100 Mn users in March 2021. The allegation that was repeatedly denied by the fintech company led to a warning by the RBI who ordered a forensic audit on the breach. Reports of a data breach affecting tech giants Facebook and LinkedIn have also made headlines in recent weeks. 

Similarly, in November last year data from iimjobs.com that included encrypted passwords of 1.4 Mn registered users were allegedly leaked on the dark web. Notably, in most cases, the report of a data breach never came from the affected company’s end. Many companies have faced criticism and backlash from users for not being accountable and not informing impacted users about the data leaks or potential breaches. 

Update: 14th April, 11:07 AM: Earlier version of the story had incorrectly mentioned Jio as a possible impacted business of the data leak, the same has been edited to reflect the right brand impacted i.e. Reliance Retail.

Step up your startup journey with BHASKAR! From resources to networking, BHASKAR connects Indian innovators with everything they need to succeed. Join today to access a platform built for innovation, growth, and community.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

B2B Marketplace Bizongo Fixes Leak That Exposed 2.5 Mn Customer Files-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

B2B Marketplace Bizongo Fixes Leak That Exposed 2.5 Mn Customer Files-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

B2B Marketplace Bizongo Fixes Leak That Exposed 2.5 Mn Customer Files-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

B2B Marketplace Bizongo Fixes Leak That Exposed 2.5 Mn Customer Files-Inc42 Media
B2B Marketplace Bizongo Fixes Leak That Exposed 2.5 Mn Customer Files-Inc42 Media
You’re in Good company