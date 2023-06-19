Home

India’s Largest Tech Retailer Suffers Massive Data Breach: Sensitive Information Of Employees, Customers Compromised

WebsitePlanet has quoted security researcher Jeremiah Fowler for the discovery of a non-password-protected database containing over 8 million documents related to Poorvika.

India's Largest Tech Retailer Suffers Massive Data Breach: Sensitive Information Of Employees, Customers Compromised (Image: Unsplash)

New Delhi: Poorvika, the self-proclaimed largest tech retailer in India, has suffered a massive data breach affecting its employees and customers, according to WebsitePlanet. It says that the publicly exposed documents included highly sensitive personally identifiable information (PII) as well as salary information, detailed employment records, and customer data.

WebsitePlanet has quoted security researcher Jeremiah Fowler for the discovery of a non-password-protected database containing over 8 million documents related to Poorvika. The highly sensitive employee data includes religion, sex, date of birth, marital status, family dependents, if they were still employed with Poorvika or not, reason for quitting (like personal problems, medical reasons) et cetera. After discovering the database, Fowler immediately alerted Poorvika, after which the database was closed to public access. However, Fowler says he never received any response from the company regarding his findings.

What The Database Contained?

Total number of records: 8,091,993 with a total size of 725.8 GB.

The database contained a folder named “All Databases”, which included SQL backups of Poorvika databases, as well as backups of its app and website’s source code.

One folder contained 6,68,243 accounts with names and personal data of what appeared to be customers or app users.

In a limited search of a single human resources backup folder, there were also business and personal employee email addresses; when running a search query for Gmail accounts, the single folder contained 45,542 Gmail addresses.

Internal records included 53,885 PDF files of tax invoices, payment receipts that exposed partial credit card numbers, and other data pertaining to both the customers and the company itself.

Human resources files contained employee data, including salary and bank account information.

Not The First Time

In March 2023, a Twitter handle named @FalconFeedsio which calls itself a threat intelligence platform for cybersecurity professionals, said that claimed that SiegedSec hackers group claims to hold database from Poorvika Mobiles.

“The claimed data includes 15GB of Poorvika account data, financial info, staff data, PII, etc”, said the tweet.

SiegedSec hackers group claims to hold database from Poorvika Mobiles, a retailer based in #India. The claimed data includes 15GB of Poorvika account data, financial info, staff data, PII, etc.#databreach #DarkWeb #DeepWeb #cyberrisk #telegram pic.twitter.com/fxV5maoS7k — FalconFeedsio (@FalconFeedsio) March 20, 2023

