One of the biggest online marketplaces in India, IndiaMart has been attacked by the inauthentic breach which exposed sensitive information related to 40,000 suppliers.
Talking about the background profile India mart it is a B2B e-commerce site with an aim of connecting suppliers across the country.
The data was first discovered by Researcher Ashok Krishna from the threat monitoring platform CloudSEK. The data had information related to thousands of suppliers and was up for sale. This list has approximately the data of 44000 suppliers.
The data up for sale has sensitive information like user IDs, full names, addresses, email addresses, and phone numbers.
Krishna claimed that he has verified through publicly found sources and found them to be legitimate. The sample contains data of suppliers so registered in February 2016 and mainly from the Gujarat state. The respective details can be used by many phishing campaigns, scams, and similar projects.
These details also post a threat to the bank and other accounts of the victim as the mobile numbers and email IDs are generally linked to them.
The post explains that “Whether a bug in the IndiaMART website or an unsecured database, if not remediated, could put six million-plus suppliers on the platform at risk.”
Advice
CloudSek has advised that the suppliers of IndiaMART must immediately check whether their accounts are safe or not. The advice also includes not sharing of OTPs with any other devices. IndiaMART is advised to hold an audit to actually see how much data has been leaked.
