Moneycontrol Resets Passwords En Masse After Alleged Data Breach Impacting 7 Lakh Users

Moneycontrol Resets Passwords En Masse After Alleged Data Breach Impacting 7 Lakh Users

SUMMARY

Personal data of over 7 lakh users has allegedly been leaked on the dark web, where it’s available for sale for $350

According to independent cybersecurity researcher Sourajeet Majumder, the leaked data includes users’ usernames, passwords, phone numbers, email addresses and their city and state of residence

Worryingly, the leaked passwords are in plain text, allowing Sourajeet to verify that the leaked details are genuine for a sample of 40 accounts whose details have been leaked

Network18-owned financial portal Moneycontrol, which has reported extensively about data breaches affecting companies such as Upstox and Mobikwik, seems to have suffered the same fate, as personal data of over 7 lakh users has allegedly been leaked on the dark web, where it’s available for sale for $350. 

Worryingly, passwords stored in plain text have also been leaked, which prompted the company to reset the passwords of some users. 

According to independent cybersecurity researcher Sourajeet Majumder, the leaked data includes users’ usernames, plain-text passwords, phone numbers, email addresses and their city and state of residence. Since the passwords are in plain text, anyone with access to the sample of 40 accounts released by the hackers can verify that the leaked details are genuine, Majumder told us and said that he has himself verified many of the leaked accounts. 

Inc42 also verified the leaked data to be genuine for a few users. It is worth noting that some of the affected users are those who have subscribed to Moneycontrol’s paid subscription service Moneycontrol Pro. 

The leaked database, a screenshot of which has been shared by Majumder on Twitter, contains details of 7,73,000 Moneycontrol users. However, hackers behind the data leak have claimed to be possessing details of 40 Mn users on the website. 

Majumder has claimed that just a day after he made news of the data leak public on Twitter, Moneycontrol sent an email to some users, informing them that their password had been reset as it didn’t comply with the platform’s updated policy. But Majumder has claimed that Moneycontrol hasn’t updated its password policy in years. 

Majumder has learnt from the hackers that they were able to hack the details of the website’s users through a blind SQL injection that asks the database true or false questions and determines the answer based on the application’s response.

Inc42 first got word of this data leak through cybersecurity researcher Rajshekhar Rajaharia, who had spotted the leaked database uploaded on MediaFire in February. Days later, the file was removed by e-Eighteen.com Limited, which owns Moneycontrol and is a subsidiary of Reliance-owned Network18. 

Responding to Majumder’s claims, Pandurang Nayak, chief technology officer for Digital at Network18, wrote on Twitter that the leaked data was old. “Information pertaining to current users is absolutely safe. The organisation takes its responsibility towards information security very seriously,” he added. 

“The best systems and protocols are in place to prevent data breaches. We review our systems periodically and constantly work to improve the security of our information based on feedback received.”

Moneycontrol didn’t respond to our queries about the data breach by the time of publication. The online financial portal claims to have 17 Mn monthly visitors. 

The Moneycontrol data leak comes days after online discount broking platform Upstox suffered a data breach that allegedly affected 2.5 Mn users. And last month, fintech startup Mobikwik denied claims about a data breach impacting 100 Mn users. Data breaches that affected global tech giants Facebook and LinkedIn have also made the news in recent weeks. 

A report by IBM’s ‘Cost of a Data Breach Report 2020’ states that Indian companies witnessed an average $2 Mn total cost of a data breach in 2020, representing an increase of 9.4% from 2019.  A total of over 26,100 Indian websites were hacked last year as per the data recorded by the state-owned Indian Computer Emergency Response Team (CERT-In).

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

You have reached your limit of free stories
Become An Inc42 Plus Member

Become a Startup Insider in 2024 with Inc42 Plus. Join our exclusive community of 10,000+ founders, investors & operators and stay ahead in India’s startup & business economy.

2 YEAR PLAN
₹19999
₹7999
₹333/Month
Unlock 60% OFF
Cancel Anytime
1 YEAR PLAN
₹9999
₹4999
₹416/Month
Unlock 50% OFF
Cancel Anytime
Already A Member?
Discover Startups & Business Models

Unleash your potential by exploring unlimited articles, trackers, and playbooks. Identify the hottest startup deals, supercharge your innovation projects, and stay updated with expert curation.

Moneycontrol Resets Passwords En Masse After Alleged Data Breach Impacting 7 Lakh Users-Inc42 Media
How-To’s on Starting & Scaling Up

Empower yourself with comprehensive playbooks, expert analysis, and invaluable insights. Learn to validate ideas, acquire customers, secure funding, and navigate the journey to startup success.

Moneycontrol Resets Passwords En Masse After Alleged Data Breach Impacting 7 Lakh Users-Inc42 Media
Identify Trends & New Markets

Access 75+ in-depth reports on frontier industries. Gain exclusive market intelligence, understand market landscapes, and decode emerging trends to make informed decisions.

Moneycontrol Resets Passwords En Masse After Alleged Data Breach Impacting 7 Lakh Users-Inc42 Media
Track & Decode the Investment Landscape

Stay ahead with startup and funding trackers. Analyse investment strategies, profile successful investors, and keep track of upcoming funds, accelerators, and more.

Moneycontrol Resets Passwords En Masse After Alleged Data Breach Impacting 7 Lakh Users-Inc42 Media
Moneycontrol Resets Passwords En Masse After Alleged Data Breach Impacting 7 Lakh Users-Inc42 Media
You’re in Good company