Data leaks have become a common phenomenon globally as well as in India. After Reliance Jio and Zomato, data buckets used by Swiggy (via the third party), a Mysore-based health startup, Gromor Finance and spiritual entity Avadhoota Datta Peetham were surfaced on a website.
The leaked information includes bank statements, parsed json files of Gromor’s customer base, offer letter given by HireXP on behalf of Swiggy, and 15,000 scan /diagnostic reports from the unnamed healthcare startup.
Importantly, the website has collected all publicly available data from servers of Amazon Web Services’ storage buckets.
The exposure of data compromised by the aforementioned company was brought to light by Hyderabad-based software engineer Srikanth on Twitter.
Running thread with open buckets related to India found from https://t.co/JOL4xupUpJ . First find — @justickets all of their movie ticketing data is open at https://t.co/hBbWwW5Oq7
— Srikanth ஸ்ரீகாந்த் (@logic) July 9, 2018
Meanwhile Swiggy, as well as HireXP, a firm that manages HR functions for Swiggy, had denied any real leaks. On contrary, Srikanth claims there is a writable bucket with 5 lakh resumes. “Some random hacker even dropped a message, but Swiggy didn’t seem to care probably,” he tweeted.
Crucial users’ data such as passports, PAN cards, Aadhaar cards, property documents also surfaced on the website of an unknown property management firm. Movie ticketing platform JusTickets’ data was also available on the website.
Recent data leaks from India
Last year, in one of the prominent ever data breach in India, Reliance Jio users data was leaked by a website magicapk.com. The leak included names, e-mail id, mobile number, date of SIM card activation including others.
Besides, Zomato also faced a massive data leak when hackers stole names, emails, and passwords of its users in May 2017.
Currently, India digital economy is $270 billion and will touch $1 trillion by 2023. It’s third worst affected nation by cyber attack among to 100 vulnerable country list. According to another report, almost 74% of the organizations in India have not done a risk assessment including cybersecurity.
Update: We have added ‘data buckets’ to reflect clearly that leak for Swiggy happened through HireXp that looks after its Hr function.
The development was first reported by Business Standard.