Stories

Data buckets with crucial info of Swiggy, JusTickets, Gromor Finance get exposed

Swiggy

Data leaks have become a common phenomenon globally as well as in India. After Reliance Jio and Zomato, data buckets used by Swiggy (via the third party), a Mysore-based health startup, Gromor Finance and spiritual entity Avadhoota Datta Peetham were surfaced on a website.
The leaked information includes bank statements, parsed json files of  Gromor’s customer base, offer letter given by HireXP on behalf of Swiggy, and 15,000 scan /diagnostic reports from the unnamed healthcare startup.
Importantly, the website has collected all publicly available data from servers of Amazon Web Services’ storage buckets.
The exposure of data compromised by the aforementioned company was brought to light by Hyderabad-based software engineer Srikanth on Twitter.

Meanwhile Swiggy, as well as HireXP, a firm that manages HR functions for Swiggy, had denied any real leaks. On contrary, Srikanth claims there is a writable bucket with 5 lakh resumes. “Some random hacker even dropped a message, but Swiggy didn’t seem to care probably,” he tweeted.
Crucial users’ data such as passports, PAN cards, Aadhaar cards, property documents also surfaced on the website of an unknown property management firm. Movie ticketing platform JusTickets’ data was also available on the website.

Recent data leaks from India

Last year, in one of the prominent ever data breach in India, Reliance Jio users data was leaked by a website magicapk.com. The leak included names, e-mail id, mobile number, date of SIM card activation including others.
Besides, Zomato also faced a massive data leak when hackers stole names, emails, and passwords of its users in May 2017.
Currently, India digital economy is $270 billion and will touch $1 trillion by 2023. It’s third worst affected nation by cyber attack among to 100 vulnerable country list. According to another report, almost 74% of the organizations in India have not done a risk assessment including cybersecurity.
Update: We have added ‘data buckets’ to reflect clearly that leak for Swiggy happened through HireXp that looks after its Hr function.
Source: Entrackr

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button