
Moneycontrol data breach impacts 7 lakh+ users

A data breach at Moneycontrol has come to light, impacting 7 lakh+ users. Independent security researcher Sourajeet Majumdar first reported the incident in a tweet. As per the tweet, the personal data of over 7 lakh Moneycontrol users was available on the dark web. According to the hackers, the breach occurred six to seven months ago. The majority of victims of the breach are from India.

The leaked data includes users’ usernames, plain-text passwords, phone numbers, email addresses, and city and state of residence.

As per Inc42, the data breach also affects some paid subscribers of Moneycontrol.

Exchange between Majumdar and Moneycontrol’s CTO

On April 9, a day after this report, Pandurang Nayak, CTO, Digital, Network 18, replied in a tweet:

“Appreciate that this has been brought to our attention. Prima facie, this appears to be an old data set. Information about current users is safe. The organisation takes its responsibility towards information security very seriously.”

On April 10, Moneycontrol reset users’ passwords, stating that they were non-compliant with its policy. Moneycontrol sent emails containing the username and the new password. This came to light after some users started replying to Majumdar’s thread reporting the incident.

After this, Majumdar replied to Nayak’s tweet. He asked whether Nayak acknowledged that there had been any breach, what criteria Nayak had used to conclude that the data was old, and how the company would maintain the protection of users if their accounts were generated before the password policy was revised.

Nayak has not yet replied to the questions raised by Sourajeet.

It seems to have become a trend to passively acknowledge a breach by simply suggesting that the leaked dataset ‘seems to be an old data set’ and that the data of present users is safe. Facebook resorted to a similar trick recently when confronted with leaked data. However, readers must note that even if a breached entity labels data as ‘old’, the data could still be in use and does not lose its relevance in phishing campaigns.


Rajat Chawda

Rajat is a student at the Institute of Law, Nirma University. Since a young age, he has been fascinated by technological advancements, and his fascination with gadgets has helped him develop a keen interest in TMT laws in his journey as a law student. He is associated with Mylawrd to further engage himself and learn in this area.
