Zoomcar's database hacked, data of 3.5 million users is up for sale

createrkid · 26th May 2020, 11:29

This is why you must have multi factor authentication enabled on your primary email and other applications that support it especially banking related. Passwords are never fool proof and you can bet someone out there has your password but what they don't have is access to your phone with sms privileges.

Tucker48 · 26th May 2020, 14:26

Quote:

Originally Posted by Nissan1180

The worst consequence is that the driving license will be leaked. It can be used as an identity proof somewhere else.
Also, the breach took place 2 years ago. They are reporting on it now?

It's standard practice to report the breaches after years. Big tech companies also do the same. They always know about the breach but don't reveal the information to public. Otherwise their reputation and stock will go down the drain. Later (when the information is being sold on deep web or when people get to know about the breach) they can say that they managed it well and everything is good now.

The truth is no data is 100% secure.

VJ05 · 26th May 2020, 19:48

I'm not an IT/Technical person, just my 2 cents. To prevent these kinds of data leaks regularly, can the companies adopt just email and mobile-based OTP approach with no requirement of a password. With this, even if the data is leaked, only the email is leaked which anyway is available with Spammers. I know it can be an inconvenience as you would require your cellphone while login but better to be inconvenient than lost your password.

ashishy · 26th May 2020, 20:32

Quote:

Originally Posted by VJ05

I'm not an IT/Technical person, just my 2 cents. To prevent these kinds of data leaks regularly, can the companies adopt just email and mobile-based OTP approach with no requirement of a password. With this, even if the data is leaked, only the email is leaked which anyway is available with Spammers. I know it can be an inconvenience as you would require your cellphone while login but better to be inconvenient than lost your password.

This is an issue with the marketing department. If login is lengthy or requires action wherein user has to move away from the login page, there is a possibility the user does not come back also called as leak in the funnel. This is the reason why touch login is provided nowadays. More than convenience, it takes the user straight to action page

26th May 2020, 11:29	#16
createrkid BHPian Join Date: Apr 2013 Location: Dhaka, BD Posts: 273 Thanked: 443 Times	Re: Zoomcar's database hacked, data of 3.5 million users is up for sale This is why you must have multi factor authentication enabled on your primary email and other applications that support it especially banking related. Passwords are never fool proof and you can bet someone out there has your password but what they don't have is access to your phone with sms privileges.
	(1) Thanks

26th May 2020, 19:48	#18
VJ05 BHPian Join Date: Sep 2019 Location: Pune Posts: 172 Thanked: 170 Times	Re: Zoomcar's database hacked, data of 3.5 million users is up for sale I'm not an IT/Technical person, just my 2 cents. To prevent these kinds of data leaks regularly, can the companies adopt just email and mobile-based OTP approach with no requirement of a password. With this, even if the data is leaked, only the email is leaked which anyway is available with Spammers. I know it can be an inconvenience as you would require your cellphone while login but better to be inconvenient than lost your password.
	() Thanks