Database Of 9.1 Mn Zoomcar Users On Sale On The Dark Web

Database Of 9.1 Mn Zoomcar Users On Sale On The Dark Web

SUMMARY

The database contains user names, email, phone numbers and encrypted passwords

An anonymous hacker claims to have breached Zoomcar's database in 2018

The complete database is being sold for $300

An independent security researcher has discovered a database of 9.1 Mn Zoomcar users being sold on the dark web by an anonymous hacker. The database includes sensitive user data like name, email, phone number, IP address and encrypted passwords. 

The anonymous hacker claims to have breached the Bengaluru-based mobility startup’s database in 2018 and has now made it available for sale. A database with details of 36 Lakh users is being sold for just $1-$2, whereas the complete database is available for $300 (INR 22K). 

Security researcher Rajshekhar Rajaharia told Inc42, “The hackers are working on decrypting the passwords available in this public database and this could result in hacking of user accounts.” He added that the company should instantly inform users about the vulnerability and ask them to change passwords. Even without the passwords, email address and phone numbers of the users are a privacy risk to users. 

However, in response to an Inc42 query, a Zoomcar spokesperson said, “Zoomcar has a high privacy bar with strict data protection standards. Our customers’ data is absolutely secure.”

Screenshot from the leaked Zoomcar data shared with Inc42 by the security researcher
(Image: Screenshot from the leaked Zoomcar data shared by the security researcher)

We validated the phone numbers from this screenshot against Zoomcar’s login page, which showed that these numbers and email IDs are indeed registered on the platform. We also verified the validity of this process by entering the phone numbers of friends who are current users of Zoomcar. The database also contains details of Zoomcar founders.

Zoomcar was founded by David Back and Greg Moran in 2012, with presence in more than 45 cities, including Bengaluru, Delhi, Mumbai, Kochi and Pune among others. The company claims to serve over three thousand customers every day and has over 48 lakh subscribers and a fleet of over 6.5K cars. 

Till now, Zoomcar has raised around $100 Mn across funding rounds. Its investors include Trifecta Capital, InnoVen Capital, Sequoia Capital, Empire Angels, Mahindra and Mahindra, among others.

According to its filings for FY19, Zoomcar increased its revenue to INR 266 Cr in FY19 from INR 157 Cr in FY18. However, the company’s expenses also almost doubled to INR 468 Cr as compared to INR 274 Cr in FY18. This also spiked Zoomcar’s losses to INR 201 Cr (FY19) from INR 116 Cr in the previous year.  

Data Breaches On The Rise In Indian Startups

Other Indian startups including Chqbook, Ixigo, Justdial, have also faced cybersecurity concerns cases in the past year. Most recently, Gurugram-based online school management platform Skolaro exposed data belonging to over 50K students studying in around 100 Indian schools, their parents as well as teachers, after storing its database in unsecured servers

The number of data breaches in India has shot up in the past few years. According to MeitY, India witnessed 3.94 Lakh instances of cybersecurity incidents in 2019. This data was reported to and tracked by the Indian Computer Emergency Response Team (CERT-In).  

Further, the MeitY minister has earlier noted in a Lok Sabha session that 49.4K, 50K, 53K, 208K and 394K cybersecurity incidents were reported in the year 2015, 2016, 2017, 2018 and 2019 respectively.

A 2019 joint study by PwC India and Data Security Council of India (DSCI) highlighted that the average cost of a data breach in the country has gone up to INR 11.9 Cr, an increase of 8% from 2017.

Update | 21:00, May 22, 2020
Zoomcar spokesperson reply to Inc42 query was added to the story.

Step up your startup journey with BHASKAR! From resources to networking, BHASKAR connects Indian innovators with everything they need to succeed. Join today to access a platform built for innovation, growth, and community.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
UNLOCK 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
UNLOCK 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Database Of 9.1 Mn Zoomcar Users On Sale On The Dark Web-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Database Of 9.1 Mn Zoomcar Users On Sale On The Dark Web-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Database Of 9.1 Mn Zoomcar Users On Sale On The Dark Web-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Database Of 9.1 Mn Zoomcar Users On Sale On The Dark Web-Inc42 Media
Database Of 9.1 Mn Zoomcar Users On Sale On The Dark Web-Inc42 Media
You’re in Good company