SUMMARY
Cyble has found that the leaked data contained names, phone numbers and emails of LimeRoad users
LimeRoad has called allegations baseless claiming that the data points are just random selections
Cyble has previously highlighted data breaches of Truecaller, Unacademy, Naukri.com, BEML and IndiaBulls
Around 1.29 Mn customer records of ecommerce platform LimeRoad were posted on the Dark Web for sale, US-based cybersecurity firm Cyble confirmed. However, the online marketplace has denied the report.
Calling allegations “baseless”, LimeRoad’s cofounder Suchi Mukherjee said, “As of now, only 44 numbers are available for the sample, of which very few can match our users’ numbers. We have no reason to believe anything other than that this is a random selection.”
“We have asked the poster of the darknet and the officer from the cybersecurity front to give us the data to validate. We have not received any further data. Given the current data points, we have no reason to believe these numbers belong to any of our customers,” she added. The company was founded in 2012 by Mukherjee, Manish Saksena and Ankush Mehra.
Cyble has maintained that the data seems legitimate and it came across the alleged data records of 1.29 Mn LimeRoads customers during its regular deep web and Dark Web monitoring. The leaked database included names, phone numbers and emails of the users. The company has indexed the data on its data breach monitoring and notification platform, AmiBreached.com.
As the world is rapidly moving towards the virtual world to carry on with their day-to-day businesses in this Covid-19 stricken period, there has been a significant rise in the number of cybersecurity threats and data breaches. Ever since India has been affected by the Covid-19 and the resultant lockdown, Cyble has highlighted data breaches of companies like Truecaller, Unacademy, Naukri.com, Bharat Earth Movers Limited (BEML) and IndiaBulls.
While Unacademy and BEML have accepted the data breach. Naukri.com has alleged that the data found dates back to the year 2006 – 2012, and there is no proof that the data has been collected from Naukri.com even though the file does.
Mumbai-based crowdfunding platform Impact Guru has faced a cyberattack as well. The company, in an email sent to its users, had confirmed that the security incident involved unauthorised access to the website. It claimed to have initiated an investigation “immediately” with the assistance of “leading” security experts.
Besides this, cybersecurity firms like Cyfirma and Malwarebytes Labs have independently cautioned the government against the threat on India’s Covid-19 data from Pakistan-sponsored hackers. Meanwhile, the National Technical Research Organisation (NTRO) has highlighted that corporations that have relaxed their geofencing restrictions to allow employees to work from home need to ensure that device and network security is not compromised due to such measures.
According to Google’s Threat Analysis report published in April, its systems had detected 18 Mn malware and phishing Gmail messages per day related to Covid-19, in addition to more than 240 Mn Covid-related daily spam messages. The report also added that its machine learning models have evolved to understand and filter these threats and TAG continues to block more than 99.9% of spam, phishing and malware from reaching its users.
