Zoomcar hacked; data of 3.5 million users is up for sale

According to a media report, Zoomcar's database was hacked and personal data of around 3.5 million users has leaked. The user's data is believed to have been put on sale on the Dark Web.

The leaked data includes names, email ids, passwords, mobile numbers and IP addresses of Zoomcar users. The hacker is said to be selling the data of 9 million Zoomcar users for US$ 300.

According to a cyber security consultant, the hacker was selling the data privately until now. The actual data breach is believed to have taken place in July 2018. It is said that hackers often avoid selling the stolen data soon after the breach as it makes it easier for law enforcement to track down their internet protocols (IP).

Greg Moran, Co-founder and CEO of Zoomcar has issued an official statement regarding the matter - 

"The assertion pertaining to a breach of Zoomcar user’s password data is patently untrue. All Zoomcar data, including user passwords, is encrypted with strong algorithms that make it impossible for anyone to access. Moreover, we have a strict password rotation policy across all our assets along with a robust Akamai security layer.  Furthermore, Zoomcar routinely works with external security auditors (including Big 4 audit firms) to ensure our systems & processes remain robust and best-in-class at all times."

Source