As cybersecurity continues to remain a key point to look into in the digitalised era, reports suggest that homegrown audio brand boAt suffered a massive data breach recently. The breach has reportedly left the personal information of over 7.5 million customers exposed and up for sale on the dark web. Experts suggest the leak can also threaten the impacted users’ bank accounts and other secret data.
Breached data market
About 2GB of data containing Personally Identifiable Information (PII) such as names, addresses, phone numbers, email addresses, and customer IDs got leaked, as per insights from Forbes India. The report also suggests that the leaked data was seen on a dark web forum, where it was apparently put up by a hacker known as ShopifyGUY on April 5, 2024. It is believed that around 75,50,000 entries were leaked.
Industry reacts
Industry experts believe that the incident is definitely a wake-up call for consumers. About 7.5 million users’ personal data expected to be floating around the dark web are vulnerable to exploitation. “Individuals should ensure that the same password, if used elsewhere, is promptly updated across all relevant accounts. By taking these swift actions, customers can effectively minimise the risk of unauthorized access and protect their sensitive information from exploitation,” Rakesh Raghuvanshi, CEO and founder, Sekel Tech, highlighted.
With insights from Varonis, over 40 percent of data is overexposed with excessive permissions in its Data Posture Risk Assessment reports. This increases the attack surface for data centric attacks significantly. “ While dealing with Personally Identifiable Information (PII) one of the key focuses should be on continuously upgrading your companies cyber security defences and effectively tackling breaches if any. In order to do so one has to assess the assets that need protection and the vulnerabilities along with the threats that these assets might face in the future,” Hariom Seth, founder, Tagglabs, explained.
The road ahead!
From what it is understood this incident can expose a trend of lax data security practices and stricter regulations and harsher penalties for data breaches is needed. “As a precaution consumers must also become more vigilant. Don’t blindly trust companies with your data. Demand stronger data protection policies and hold companies accountable for breaches. We need a complete overhaul of data security practices in India, and this definitely serves as a case study of what can go wrong,” Somdutta Singh, first-generation serial entrepreneur, founder and CEO, Assiduus Global Inc, LP Angel Investor and Ex-Member Niti Aayog, highlighted.
Critics argued that organisations mostly tend to ignore to evaluate the controls they deployed are relevant to detect and prevent information centric attacks. Irrespective of the method a hacker uses to get into an organisation the motive is always to get access to organisations most valuable asset which is Data.“ Organisations need to know what data is important, critical, where it is residing, who all have access to information and is information overexposed, how information is accessed and differentiate between normal and suspicious data access activity. If organisations have visibility to this, they can also deploy automated controls to continuously enforce access around information and contain any suspicious data access activity proactively,” Maheswaran S, Country Manager, South Asia, Varonis, concluded.
Follow FE Tech Bytes on Twitter, Instagram, LinkedIn, Facebook.
