- The data of 7.5 million boAt customers have been leaked on the dark web.
- This data sees the leak of the names, addresses, phone numbers, email IDs and more of these customers.
- A new threat actor that goes by the name ShopifyGUY has taken to a dark web forum to leak the data.
Recently, the Indian budget audio products company boAt was in the news for overtaking Xiaomi and Samsung to become the second largest (first being Apple) wearables maker in the world. However, now, the brand is in a very risky spot. There has been a massive data breach that has leaked the data of 7.5 million boAt customers, as reported by Forbes India.
The leaked data includes the PII (Personally Identifiable Information) of these customers. Now, this data includes the names, addresses, phone numbers, email IDs, and more of these customers. The information was leaked on a dark web platform called BreachForums. The 13GB data was compressed to 2GB and posted on the platform by a threat actor who goes by ShopifyGUY.
From the looks of it, this is the one and only leak by the threat actor, who seems new to the wicked scene of cyberattacks. The compressed data is available to download on the forum for just 8 credits, which is equivalent to ~$2 or Rs 180. So, one can only guess that the critically sensitive data will fall into the hands of people with illegal intentions. From there, it will only be a matter of time for these customers to be subjected to phishing attacks, identity thefts, and so on.
As per the data trove, the data was leaked a month ago and the threat actor uploaded it yesterday on the forum.
Threat Intelligence Researcher Saumay Srivastava sheds light on how threat actors can use this leaked data to get access to credit card information, get unauthorized access to bank accounts, and more. Srivastava says, “The consequences for companies include a loss of customer confidence, legal consequences, and reputational harm. The major implications make it even more essential to implement adequate security practices.”
So, what comes next? Companies have to learn from each others’ mistakes and solidify their privacy walls to counter such attacks. 7.5 million users’ worth of data is far from being a small thing. Founder of Social Brigade, Yash Kadakia, stated that boAt needs to let the customers in on the situation at hand and look into how the data got leaked in the first place.
What Should You Do if You’ve Purchased a boAt Product in Past?
At the time of writing, boAt hasn’t yet said anything about this data breach. But, one thing is for sure. They really need to work on establishing proper security measures to prevent such data breaches from reoccurring in the future.
If you have purchased a boAt product in the past, there are chances that your data including your phone number, email ID, and address might have leaked. We recommend our readers employ privacy mechanisms like 2FA for their social media and bank accounts. Using strong passwords and changing them routinely is also a good practice.
What do you think about this entire fiasco? Let us know in the comments down below.
