Popular car rental platform Zoomcar is the latest victim of hacking and data theft. Personal data of roughly 3.5 million Zoomcar users is up for sale on the dark web since Thursday. Personal data here includes usernames, email ids, mobile numbers, passwords, and IP addresses.
Zoomcar Data Hack
The report comes from Rajshekhar Rajaharia, the cybersecurity consultant, who noted that he found the data on the dark web while researching. What's more, the hacker is willing to sell back the hacked data for $300.
Zoomcar has been having a steady growth rate and competes with other self-drive car rental startups like Crivezy and Revv. More recently, Zoomcar raised $30 million in fresh funding led by Sony Innovation Fund, the venture arm of Japanese electronics giant Sony.
"The hacker has been privately selling the data for $300 but now he has made it public on the Dark Web," Rajaharia said, reports Economic Times. Furthermore, the hacker notes that the data breach took place back in July 2018.
It comes as no surprise that the hacker has put up the stolen data for sale two years after the breach. Rajaharia explains that hackers generally wait to sell the data to avoid getting caught by officials who track their IP addresses.
Data Hacks Not A Surprise Anymore
This isn't the first time a platform's user database was put up on sale on the dark web. For those unaware, the dark web is part of the cyberspace and a subset of the deep web that is intentionally hidden and requires a special type of browser, software, and configuration to access it. Not surprisingly, a lot of hacked materials are up for sale here, mostly by hackers and those with malicious intent.
More recently, Disney+ account holders' usernames and passwords went up for sale on the dark web, just a few days after its launch. More recently, the Indian education platform Unacademy database of 22 million users was hacked and sold on the dark web.
Currently, Zoomcar hasn't responded to comment on the issue. Users are advised to change their username and password; and also keep different user ids and passwords for every platform.