Advance salary app EarlySalary has become the latest victim of the cyber attack as over 20,000 applicants’ data including phone numbers, name, and few personal details were compromised.
This is a serious threat for the three-year-old startup which has over 5 million mobile application downloads, given more than 2.5 lakh loan and claims to have disbursed over Rs 400 crore to customers.
According to the company the vulnerability has been fixed and law enforcement has been informed.
Akshay Mehrotra, the co-founder of EarlySalary clarified that the incident happened in one of the company’s older landing pages for customers who applied for a loan, reports ET.
The form meant for EarlySalary’s call centre to call back the customers. It essentially asks customers to fill some personal details, employment status, and mobile number.
Further, the company assured that it has done a vulnerability test on its systems and the core customer database, including sensitive personal details and transactions has remained completely secure and was not impacted.
EarlySalary through its website informed people that the database credentials have been changed, and additional security blocks have been placed on the website.
The company is also working with law enforcement to identify the IP source for this incident and it will inform Pune Cyber Security Cell about this incident.
For uninitiated, EarlySalary was founded by Akshay Mehrotra and Ashish Goyal and managed by Pune-based Social Worth Technologies. The app-only platform partners with small, medium and large companies to give salary advances to employees.
In the past consumer-facing internet companies have been victimised by miscreants. Cloud kitchen platform Freshmenu’s 110,000 users data was leaked. Unlike EarlySalary, Freshmenu chose not to inform users about the incident.
Besides, Reliance Jio, Zomato, and Swiggy have already faced data leakage incident.