Over the last few years, India has been making headlines with a steady stream of data breaches — ranging from the Aadhaar scandal and Quora row, to the muck-up between Facebook and Cambridge Analytica. In fact, data breaches cost Indian organisations ₹12.8 crores on an average between July 2018 to April 2019, making the country the second-most cyber affected region in the world. The first half of 2019 witnessed a 22% jump in cyber attacks due to the increased deployment of IoT.
With industries like healthcare, financial institutions and other businesses getting breached regularly, consumer internet companies have also been affected. Here, we are listing some major data breaches faced by the Indian consumer internet companies in 2019:
In May 2019, the data of approximately 300 million Indian users on this Swedish mobile application platform was leaked and made available for sale on the dark web. The data, which statistically made up for approximately 70% of the company’s user base of 140 million, was sold for about ₹1.5 lakh — equivalent to 2,000 EUR — on the dark web. Additionally, the data of global users was priced as high as 25,000 EUR.
The alleged leaked database included names and phone numbers of 29.9 million Indians including thousands of celebrities, corporate CEOs and politicians. It also included 1.9 million email addresses, 1.8 million subscriber photos and 20 million Facebook IDs, which was acquired by the hacker through the breach. However, when asked, Truecaller said that the company ran a thorough investigation and later denied any sort of leak in the information. Contrary to the company’s claim, several experts and cybersecurity researchers continued to believe that a huge amount of data could only be accessed by hacking the database of Truecaller.
Earlier this year, one of the e-commerce giants once again claimed to have faced a technical glitch, which exposed the tax reports of some of its sellers to others. When asked, the company admitted that the glitch has affected approximately 400,000 of its sellers, who could easily download the tax reports of other competing vendors, but the issue was soon rectified once flagged.
According to the reports, the leaked data contained sales figures, category split, and the inventory data. Such data could prove to be of material value for the rivals and could be harmful to the vendors working with this tech giant. The company was also hit by a breach last year, that disclosed customer names and email addresses on its website. Knowing that Amazon has faced several such issues over the past years and also such unsolicited exposure of the data this year just managed to spook its customers.
Local search service, Justdial breach was another major lookout this year. According to reports, personal data of over 100 million users of the search engine were exposed online. The data leaked included some important information such as the name of the user, their email IDs, phone numbers and addresses, along with some accessory information such as gender and date of birth. The reason for the breach was the leaky endpoint, courtesy of an expired API. Another loophole was found in the API, wherein the database of the individuals who post reviews on the platform was also exposed. When asked, the company told the media that the newer version of their website was revamped and was breach proofed.
In today’s digital age, with everybody recognising data as the new oil, its security is imperative for businesses. Once breached, it can not only hamper the productivity of the company, but can also wreak the reputation, decrease the brand value, destroy the company’s market capitalisation, and of course, have a major impact on the customer’s loyalty and privacy.