Online rental marketplace start-up Rentomojo operated by Edunetwork Pvt. Ltd and which was started in 2014, Rentomojo allows users in Bengaluru, Mumbai, Delhi NCR and Pune to rent furniture, utilities and motorbikes on a subscription basis has reported an instance of data breach which is likely to affect its 1.5 lakh subscribers. The startup firm said that it has reported this incident to the appropriate authorities and is cooperating fully with the ongoing investigation.
RentoMojo sent an email to its subscribers stating that the firm has detected a security breach and wrote,"recently, our team identified a security breach that involved unauthorised access to one of our databases." "It appears that the attackers were able to get unauthorised access to our customer data, including in some cases personally identifiable information by exploiting the cloud misconfiguration through extremely sophisticated attacks, thus breaching one of our databases. The firm also said that the breach will have no impact on any financial information like Credit cards, Debit cards or UPI as it never store them in the firm's database.
The firm also said that after the data breach it has taken several measures which include:
Secured the database and encrypted all information stored in our database.
Strengthening our infrastructure with advanced security practices like Intelligent Threat Detection, Sensitive Data Discovery and logging IP traffic.
Implemented multi-factor authentication (MFA) for additional layers of protection.
Ongoing security audits and vulnerability assessments to identify and mitigate further risks.
Rotated all the access tokens and updated all passwords immediately.
Implemented Endpoint Detection and Response (EDR) for our network.
Reviewed all the third-party and open-source plugins and integrations.
Meanwhile, users of RentoMojo took to social media asking for an explaination from the firm.
“Disturbing news!\@rentomojo data breach has led to the exposure of my confidential information. Hackers are now blackmailing to release my personal data. This is a serious breach of privacy and security,” wrote a user on Twitter.
"I have received a mail stating data breach from my Rentomojo account and it claims to make my data public since the company did not respond to there demands Insipte to trying to raise a complaint through online didn't succeed Please help," wrote another user on Twitter.
“I have received any email from ShinyHunters that there is data breach on rentomojo and my data has been breached and now available with hackers. Please consider this complaint and any type of loss will be borne by Rentomojo brand,” wrote on Twitter sharing the anxiety.
Catch all the Business News , Corporate news , Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.
MoreLess