
Chinese loan app Moneed leaked over 350 mn India users data from server in China

Besides name and phone number, the database includes information about the phone a person was using, the apps installed on said phone, and their IP addresses, suggesting that Moneed’s access to a user’s data is extremely invasive

The database has over 350 million records of Indian users, including their names and phone numbers. Photo: iStock

NEW DELHI: A vulnerability in Chinese micro-lending app, Moneed, may have exposed personal details of millions of Indian users. The vulnerability was found by security researcher Anurag Sen, who informed the company about it. While Moneed didn’t immediately respond to the researcher’s email, the company claims it has fixed the error after a report from The Next Web yesterday.

The database, which was seen by Mint, has over 350 million records of Indian users, including their names and phone numbers. It was stored on a server in China, even though the company’s founder, Leon Xu, claimed all Indian data is stored in Mumbai. The database also includes information about the phone a person was using, the apps installed on said phone, and their IP addresses, suggesting that Moneed’s access to a user’s data is extremely invasive.

The company has another app on the Play Store, called MoMo, which works the same way as Moneed. The permissions list for that app says it can even control a phone’s vibration, connect and disconnect from WiFi networks, have full network access, modify a phone’s storage and read content on the phone, read contacts and modify them, and much more.

The app takes access to users’ contact lists, and uploads the same to its servers. That means your phone number and name may be on the database even if you haven’t used the app.

In a conversation with Mint via LinkedIn, Xu said the company has millions of users in India. He denied that the data belonged to Moneed at first, and said the researcher hadn’t reached out to the company. However, he later said he would check with his teams about the same.

In an official statement sent to Mint today, the company said it has “thoroughly” communicated with the researcher and made fixing the loophole its top priority. “We have also thoroughly checked every part of our internal technology system with strengthening our firewall and security protection to completely meet the standards and requirements according to the laws and regulations set forth by the authorities,” the company said in its statement.

The researcher, though, says that all he received from the company was a single email, with a statement similar to the one put on its social platforms and sent to the media.

ABOUT THE AUTHOR
Prasid Banerjee
An engineering dropout, Prasid Banerjee has reported on technology in India for various publications. He reports on technology through text and audio, focusing on its core aspects, like consumer impact, policy and the future.
Updated: 14 Aug 2020, 05:58 PM IST