The business said that it is considering all available alternatives, including legal avenues, to lessen the impact of the incident.
Rentomojo, a marketplace for rental furniture and motorcycles, announced a data breach on April 20 that most likely exposed the private data of over a lakh clients.
Geetansh Bamania, CEO and co-founder of the Bengaluru-based business, wrote to the company’s subscribers in an email to say that the company was considering all alternatives, including legal avenues, to lessen the impact of the breach.
“It appears that the attackers breached one of our databases by taking advantage of the cloud misconfiguration through incredibly sophisticated attacks and gaining unauthorised access to our customer data, including in some cases personally identifiable information. We guarantee that this won’t affect any financial data, such as credit card, debit card, or UPI information because we never save it in our database, Bamania wrote in an email to clients that Moneycontrol has seen.
Several clients said that hacking organisations had sent them emails demanding a ransom. Sensitive client information would go public if their demands weren’t met.
“My private data was exposed as a result of the data breach at Rentomojo. Now, hackers are extorting my personal information. This is a significant compromise of security and privacy, a user tweeted.
Screenshots from Twitter showed that one such hacker organisation, ShinyHunters, was sending emails to Rentmojo subscribers.
“We also downloaded terabytes of KYC, which included bank records, passports, ID cards, driver’s licences, and other official documents. However, given their lack of reaction, it appears that RentoMojo is reluctant to pay a dime and would prefer that we release your data publicly, ShinyHunters stated in an email to RentoMojo users.
Multi-factor authentication (MFA), a practise that has been widely used by businesses for a number of years, is now being implemented, according to Bamania. Other procedures, according to the business, include security audits, vulnerability assessments, and a review of all third-party and open-source plugins and interfaces.
In response to questions from Moneycontrol, Bamania verified the new information and stated that its business had reported the event to the relevant authorities and was helping with the investigation.