Security research firm CloudSEK said the data leak contains sensitive information of over 40K IndiaMART sellers
The details include name, user ID, email address, mobile number, address, country and more
IndiaMART claimed no sensitive personal information of suppliers is displayed on its platform and denied a leak in its database
Noida-headquartered B2B ecommerce company IndiaMART said it is investigating the report by cybersecurity startup CloudSEK which claimed that sensitive information of over 40K suppliers registered on IndiaMART was being sold on hacker forums.
CloudSEK researcher Ashok Krishna discovered posts on two forums advertising a database of 43,920 suppliers registered on IndiaMART. “On one forum the post was published on 20 June 2020 at 11:03 AM. The poster claims to have over 49K ‘Indiamart business data.’ In response to this post, another forum member commented that the dump contains 42,985 records, including email addresses,” the report said.
On the second forum the post was published on June 22, 2020 at 6:11 AM. “The poster claims to have 43,920 records, even though the sample filename is ‘Indiamart 01 (Business) – 49000.xlsx.’ In response to this post, another forum member commented that he/she has a total of 700k of this data and has shared a sample as well. We couldn’t verify the commenter’s claim,” the report further said.
The report said that the sample file consisted of 44 records with details like name, user ID, email address, mobile number, address, country etc.
An IndiaMART spokesperson told Inc42 said that basic contact information of sellers is publicly available on many B2B ecommerce platforms and is also advertised on IndiaMART as well as directories, internet portals and search engines. “Neither any sensitive personal information of the Suppliers is displayed on our platform nor it is leaked,” the company said.
It further said that its cybersecurity and technical teams are evaluating CloudSEK’s report and is trying to find out the authenticity of the said report wherein it is claimed that the certain basic information like name, email address, contact number etc. of its listed suppliers are leaked.
“Accordingly, at present, we are not in a position to acknowledge the authenticity of such a report. In case any leakage of even the smallest level is identified by our Cyber Security team post-investigation, we will take the best possible steps to avoid such repetition in future,” the company added.
IndiaMART, which was incorporated in 1999 by Brijesh Agrawal and Dinesh Agarwal, recently got listed on BSE. After starting 2020 on a positive note and with 10 Cr active users, the company also recorded a post-tax profit of INR 44 Cr in Q4 FY20, representing a 55% YoY hike versus INR 28 Cr in the previous quarter and a 33% profit margin.
Besides monetary gains, the company also added over 6 Mn supplier storefronts and 147K paying subscription suppliers in Q4. In FY20, the company had registered a net profit of INR 149 Cr showcasing a 635% YoY hike. The profit before tax was INR 213 Cr, representing a 292% year-on-year (YoY) growth.
Recently, user data from two Indian startups — Zoomcar and Unacademy — was leaked onto the dark web. This was not the first instance of data leaks among Indian startups — there have been cases of security holes in startups such as Skolaro, Justdial and others — but it comes at a time when India’s cyber-infrastructure is at its most vulnerable.