RentoMojo informed its users about the data breach through an email
However, the startup claims that financial information are still safe
More than 1 Lakh users' data are likely to be at stake with this cyber attack
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
Online rental furniture startup RentoMojo has reported a data breach today. The startup brought it to the notice of the subscribers this morning through an email and ensured that the financial data was still safe.
In the email to the customers, RentoMojo wrote, “It appears that the attackers were able to get unauthorised access to our customer data, including in some cases personally identifiable information by exploiting the cloud misconfiguration through extremely sophisticated attacks, thus breaching one of our databases. We assure you that this has no impact on any financial information like Credit cards, Debit cards or UPI as we never store them in our database.”
In the email, the startup also mentioned that as a part of the investigation process, they are:
- Securing the database and encrypting all information stored in the database
- Implementing multi-factor authentication (MFA) for additional layers of protection
- Ongoing security audits and vulnerability assessments to identify and mitigate further risks
- Implementing Endpoint Detection and Response (EDR) for network
- Reviewing all the third-party and open-source plugins and integrations
However, subscribers made multiple tweets about getting threat calls and spam emails upon the breach.
Founded in 2014 by Achal Mittal, Ajay Nain, and Geetansh Bamania, RentoMojo’s app has more than 1 Mn downloads, and 1 lakh subscribers who are likely to be impacted.
Since 2021, different size businesses hailing from varied industries have faced cyber attacks. Air India, Domino’s India, Upstox, Uacademy, etc faced data breaches in the past.
It is true that cyber attacks have become a frequent incident with the growing reliance on digital databases.
Recently, the Cyberabad police of Telangana busted a data theft gang, who were accused of stealing data from 669 Mn user accounts from 24 states and eight metropolitan cities of India.
Police claimed that the gang had stolen data of several Indian tech startups, including BYJU’S, Vedantu, Paytm, PhonePe, Zomato, PolicyBazaar, CRED, BigBasket and Upstox.
According to a Business Standard report, India has witnessed the second highest number of cyber attacks out of which about 20% happened in 2022. About 2.29 Bn data were exposed to threat in 2022.
The mounting number of such cases has boosted the growth of companies operating in the cyber protection space. This month two Indian cyber security startups have raised funding. While CYFIRMA raised $5.5 Mn in a Pre-Series B round, Safe Security raised $50 Mn in its Series B funding round.
Update | 20th April, 16:45 IST
The story has been updated to include the number of subscribers of RentoMojo. While the app has 1 Mn downloads, its subscriber number stands at 1 Lakh – who are likely to be impacted amid the breach.
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.