As per QuickCyber, a popular OTT platform — ZEE5 — was allegedly breached by a hacker called John Wick. It was reported that the hacker got hold of a staggering 150 GB of information, including the source code of the ZEE5’s website.
Over 150 million users have subscribed to the ZEE5 platform from across the world. While it is not known the exact number of users’ information the hacker has obtained, information related to messages, passwords, emails, mobile number, and the transaction has been breached.
It is believed that the hacker has planned to disclose the information by selling it on the public domain.
However, Head of technology of ZEE5, Tushar Vohra said that they are investigating the reported claims about the breach. “We are also cognizant of the fact that the OTT sector has exploded in the past few years, so has hackers’ interest in it. Especially, post-COVID-19 outbreak, data hacks have been on a steady rise. But, it is a shallow attempt to gain a vested interest.”
It was claimed that the hacker has also shared the sample of data with a media house that broke the story, which consists of secret keys and credentials of the AWS bucket. As per the sample data, the last update of the database was on 24th April, which indicates that users who subscribe to the OTT platform post-April might be safe.
The shared information also reveals the Korean hacker possesses ZEE5’s code repository on bitbucket.org. Earlier, it was proclaimed that the hacker was able to access the database and extract all the information related to the payments. The hack also brought one of ZEE5’ partners — Axinom — under the spotlight. Axinom provides various tech stack for the OTT platform. The collaboration goes back to 2017, a few months prior to the launch of ZEE5 platform in early 2018.
However, the CEO of Axinom, Ralph Wagner, said that they neither manage the database of the ZEE5 nor do any Axinom solution use MySQL database that the image of the breached information represents. ZEE5 uses Axinom’ solutions to manage content, and ZEE5 software for the website is operated by ZEE5. Nevertheless, Axinom will investigate the instance further and release a statement as soon the investigation is complete.