5 months ago
44
In a massive leak, the Indian consumer tech and lifestyle company BoAt lost customer data for over 7.5 million (75 lakh). On April 5, 2024, the hacker ShopifyGUY claimed to access BoAt Lifestyle’s data and dumped the information on the dark web, containing personally identifiable information of customers, such as name, address, contact number, and so on.
Data Of Over 75 Lakh Indian Customers Leaked On Dark Web
According to a report by Forbes, the leaked database on the dark web contains over 75,50,000 entries. While purchasing products from the company’s website or other e-commerce platforms such as Flipkart or Amazon, customers share details, such as their billion/shipping address, payment method, and other information mentioned above. While it is normal for companies to collect such information, it can be misused in the wrong hands.
What Can The Threat Actors Use Personally Identifiable Information For?
For instance, threat actors can use the information to commit financial fraud, phishing scams, and, more recently, identity theft. The Forbes report also discusses social engineering attacks that can leverage personal details to access users’ bank accounts and conduct transactions without consent. Further, bad actors can also commit credit card fraud by accessing sensitive information. Threat Intelligence Researcher Saumay Srivastava also explains the consequences of such data breaches, including lack of customer confidence and reputational harm.
The Data Leak Might Have Took Place A Month Ago: Analyst
A senior threat analyst at NetEnrich, Rakesh Krishnan, explains that the leaker’s profile is relatively new. However, as the data furnished by the leak is genuine, it could lead to increased data sales on the dark web. Further, the analyst also claims that the data breach occurred about a month ago, i.e., in March 2024. It is important to mention that the company hasn’t acknowledged the data leak. The founder of Security Brigade highlights in the report that the leaked data is available on some forums for as low as two euros, about 180 INR. In a few days, this data could be available for free, fueling some future phone and email scams.
What Measures Must The Company Take?
Given that BoAt is a market leader in the audio and wearables market, it should implement certain defensive measures soon, such as informing the customers whose data have been leaked, advising them to change the credentials of their online accounts, and strengthening its digital infrastructure to prevent such data leaks in the future. If you’re a BoAt customer, check which email ID you’ve used to order from the brand, and consider changing its password.
You can follow Smartprix on Twitter, Facebook, Instagram, and Google News. Visit smartprix.com for the most recent news, reviews, and tech guides.
English (US)