AgenciesPersonal data of customers of online matchmaking website Bharatmatrimony.com suffered a breach and was available for sale on the darkweb on Thursday, according to Atlanta-based cyber security firm Cyble. The company said that it is investigating the issue and added that there has been "no breach of its current active database of customers".
According to Cyble, the leaked data includes sensitive personal information like names, phone numbers, user IDs and date and time of account creation. A sample of the leaked data has been reviewed by ET.
In its response to ET, a spokesperson for Matrimony.com said, "We are aware of a security issue that has been reported to us recently. As per our investigation, there has been no breach of our current active database of customers. What has been reported belongs to an old database and no sensitive information has been compromised, as we continue to follow the highest order of industry encryption for our customers. Security is a high priority focus area which is continuously monitored through technology advancements and interventions. We assure you that we remain 100% committed to it. We are still investigating and can’t confirm or deny an SQL vulnerability."
BharatMatrimony is a part of Matrimony.com founded by Murugavel Janakiraman and is listed on the BSE and NSE. Shares closed 4.04% lower on the NSE at Rs 27.55 on Thursday.
Data from the company's other internet property Elitematrimony was also part of the breach, according to Cyble.
“The threat actor alleged to have exploited a SQL Injection vulnerability on their platform and leveraged that to extract their databases and user records. The actor is actively selling the database in various cybercrime forums for as low as $500,” said Beenu Arora, CEO and Founder of Cyble.
SQL or Structured Query Language is a programming language used for “talking” to databases. In SQL Injection Attacks, malicious SQL statements are inserted into a field such that the attackers is able to steal the website’s data and have it dumped onto his or her database.
The firm said that the parameter “themeid” was injected onto one of the website’s URLs. “We identified the breach and notified the company,” the cybersecurity firm said.
According to Cyble, the leaked data includes sensitive personal information like names, phone numbers, user IDs and date and time of account creation. A sample of the leaked data has been reviewed by ET.
Customer data worth 1.7 GB belonging to thousands of users was up for sale in exchange for $500 in cryptocurrency, according to researchers at the firm. ET could not independently verify the number of users whose data was compromised.
In its response to ET, a spokesperson for Matrimony.com said, "We are aware of a security issue that has been reported to us recently. As per our investigation, there has been no breach of our current active database of customers. What has been reported belongs to an old database and no sensitive information has been compromised, as we continue to follow the highest order of industry encryption for our customers. Security is a high priority focus area which is continuously monitored through technology advancements and interventions. We assure you that we remain 100% committed to it. We are still investigating and can’t confirm or deny an SQL vulnerability."
BharatMatrimony is a part of Matrimony.com founded by Murugavel Janakiraman and is listed on the BSE and NSE. Shares closed 4.04% lower on the NSE at Rs 27.55 on Thursday.
Data from the company's other internet property Elitematrimony was also part of the breach, according to Cyble.
Discover the stories of your interest
“The threat actor alleged to have exploited a SQL Injection vulnerability on their platform and leveraged that to extract their databases and user records. The actor is actively selling the database in various cybercrime forums for as low as $500,” said Beenu Arora, CEO and Founder of Cyble.
SQL or Structured Query Language is a programming language used for “talking” to databases. In SQL Injection Attacks, malicious SQL statements are inserted into a field such that the attackers is able to steal the website’s data and have it dumped onto his or her database.
The firm said that the parameter “themeid” was injected onto one of the website’s URLs. “We identified the breach and notified the company,” the cybersecurity firm said.
( Originally published on Oct 15, 2020 )
Get Unlimited Access to The Economic Times
