RentoMojo, the Bengaluru-based rental service provider, sent an email to its subscribers stating that the company has detected a security breach that involved unauthorised access to one of its databases.
The company, which has over 1 lakh subscribers, said in the email: “It appears that the attackers were able to get unauthorised access to our customer data, including in some cases personally identifiable information by exploiting the cloud misconfiguration through extremely sophisticated attacks, thus breaching one of our databases.”
RentoMojo has reported the cyber attack incident to the authorities and initiated an investigation while engaging with cybersecurity as well as legal experts.
After detecting the attack, the company has claimed to have taken a series of measures, including securing the database and network, implementing multi-factor authentication, updating all the passwords and reviewing all the third-party, open-source plugins and integrations.
While the email states that “we assure you that this has no impact on any financial information like Credit cards, Debit cards or UPI as we never store them in our database”, many RentoMojo subscribers received suspicious emails from ShinyHunters.
This is possibly the same group of hackers that became prominent in 2020. The group claimed to have stolen over one crore user accounts details from the educational platform Unacademy and was possibly responsible for online grocery store BigBasket’s data breach which impacted over two crore users.
The email from ShinyHunters ([email protected]) reads: “Hello we are the ShinyHunters group and recently we exfiltrated the data from RentoMojo.”
The email shared details of the accessed KYC document as evidence which, according to some subscribers, are accurate.
The email from the alleged attackers further states: “We have also downloaded terabytes of KYC including bank documents, passports, ID cards, driver’s license, etc. Nonetheless, it seems that RentoMojo is unwilling to pay a penny and would rather we share your data publicly given the lack of response on their end.”
Many RentoMojo users took to social media and shared the screenshots of the email while asking for an explanation on this cybersecurity issue.
Read all the Latest India News here
Comments
0 comment