RentMojo Data Breach: How Safe Is Your Data With Startups?

More than one lakh subscriber database is under threat after Hacking group Shiny Hunters hacks RentMojo’s Database and steals all the personal information of its subscribers and threatens to make it public.

Data breach can have implications on the subscribers whose data have been stolen and also on the startup from which the data is stolen.

RentMojo, an online furniture rental marketplace that allows users in Bengaluru, Mumbai, Delhi NCR, and Pune to rent furniture, utilities, and motorbikes on a subscription basis, has reported a data breach that is likely to affect its 1.5 lakh subscribers. 

The breach was detected by the company's team, who reported the incident to the appropriate authorities and are cooperating fully with the ongoing investigation.

RentMojo Sends Email to Subscribers Informing Leakage of Personal Data

In an email sent to its subscribers, RentMojo revealed that it had detected unauthorized access to one of its databases, which resulted in the exposure of customer data, including personally identifiable information, due to cloud misconfiguration exploited by sophisticated attacks.

No Impact on Financial Information

However, the firm assured its subscribers that the breach will have no impact on any financial information such as credit cards, debit cards, or UPI, as it never stores such data in its database.

The company has taken several measures to strengthen its security infrastructure, including encrypting all information stored in the database, implementing advanced security practices like Intelligent Threat Detection, Sensitive Data Discovery, and logging IP traffic, and conducting ongoing security audits and vulnerability assessments to identify and mitigate further risks.

Subscribers Receive Threats from Hackers

Despite the company's efforts to address the issue, some of its subscribers expressed their concern on social media platforms. 

One user on Twitter wrote, "Disturbing news! @RentMojo data breach has led to the exposure of my confidential information. Hackers are now blackmailing to release my personal data. This is a serious breach of privacy and security." 

Another user tweeted, "I have received a mail stating data breach from my RentMojo account, and it claims to make my data public since the company did not respond to their demands. Despite trying to raise a complaint online, I didn't succeed. Please help."

@Cyberdost @rentomojo I have received any email from ShinyHunters that there is data breach on rentomojo and my data has been breached and now available with hackers. Please consider this complaint and any type of loss will be borne by Rentomojo brand.

— Ronak Pandya (@ronakhappiness) April 19, 2023

Disturbing news! @rentomojo data breach has led to the exposure of my confidential information. Hackers are now blackmailing to release my personal data. This is a serious breach of privacy and security. #RentomojoDataBreach #PrivacyViolation

— Raj Kumar (@rajkstats) April 19, 2023

Who Are The Hackers?

ShinyHunters sent emails to the subscribers, threatening to make all the accessed data public, including bank documents, passports, ID cards, and driving licences

Data Breach – A Common Phenomenon

Data breaches have become increasingly common in recent years, with companies of all sizes and sectors falling victim to cyberattacks. Such incidents can result in significant financial losses, damage to a company's reputation, and legal implications. It is essential for companies to prioritize cybersecurity and implement robust measures to protect their customers' data.

Consequences of Data Breach for Subscribers

Data breaches can have severe consequences for subscribers whose personal information is compromised. Hackers can use the personal information they obtain from data breaches to impersonate subscribers, open bank accounts, take out loans, or apply for credit cards in their names.

Financial fraud, is another serious threat of data breach by hackers. If hackers gain access to financial information, such as credit card numbers, they can use it to make fraudulent purchases or withdraw funds from bank accounts.

Hackers can use the compromised data to send phishing emails or messages that appear to be from legitimate sources, tricking subscribers into providing more sensitive information or installing malware on their devices. In extreme cases, hackers can use the personal information they obtain to threaten or harm subscribers physically.

Consequences of Data Breach for the Startup

Subscribers may lose trust in the company whose data was breached, leading to a loss of business and damage to the company's reputation. Companies may face legal action or fines for failing to protect their customers' data adequately.

India Suffered 2^nd Highest Data Breach in 2022

The report by Tenable, a cybersecurity company based in Maryland, US, found that India suffered from the second-most tech exposure breaches in 2022.

India accounted for 20 percent of all records exposed as a result of data breaches in 2022, the report added. 

Some of the big data breach incidents of recent times were - SBI Data Breach in 2019, Just Dial Data Breach in 2019, Unacademy Data breach in May 2020, Big Basket on Sale on Dark web in October 2020.

What Can The Companies Do To Protect Data from Hackers?

Data breaches can be protected from hackers by steps like implementing strong passwords and two-factor authentication to prevent unauthorized access, encrypting sensitive data to make it unreadable if stolen, regularly updating software and security systems to address vulnerabilities, conducting regular security audits and vulnerability assessments to identify and mitigate potential risks. The companies can also give limited access to sensitive data only to authorized personnel and educate the employees and subscribers on best security practices to prevent phishing and social engineering attacks.

The companies should use advanced security technologies like Intrusion Detection and Prevention Systems (IDPS) and Security Information and Event Management (SIEM) to detect and respond to security incidents in real-time.

It is important to note that no system can be completely immune to data breaches, but implementing these measures can significantly reduce the risk of a breach and mitigate the impact if one does occur.