Zoomcar’s database has been hacked and personal data of around 3.5 million users has leaked, according to a media report. The user data is thought to have been put on the Dark Web for sale.

The leaked data contains the Zoomcar users’ names, email ids, passwords, mobile numbers and IP addresses. The hacker is said to sell the data for US$ 300 of 9 million Zoomcar users.

The hacker had until now been selling the data privately, according to a information security expert. The real data breach is suspected to have taken place in July 2018. Hackers are said to also stop selling the stolen data shortly after the breach because it makes it easier for law enforcement to monitor their internet protocols (IPs).

Zoomcar, CEO and Co-founder, Greg Moran has issued an official statement regarding the matter;

“The assertion pertaining to a breach of Zoomcar user’s password data is patently untrue. All Zoomcar data, including user passwords, is encrypted with strong algorithms that make it impossible for anyone to access. Moreover, we have a strict password rotation policy across all our assets along with a robust Akamai security layer.  Furthermore, Zoomcar routinely works with external security auditors (including Big 4 audit firms) to ensure our systems & processes remain robust and best-in-class at all times.”

source: https://nationalcybersecuritynews.today/hackers-leak-zoomcar-data-of-3-5-million-indians-on-dark-web-deepweb-darkweb-hacker/