Recently, boAt, the Indian budget audio products company, made headlines for surpassing Xiaomi and Samsung to claim the second spot (with Apple leading) as the world’s largest wearables maker. However, the brand now finds itself in a precarious situation. A significant data breach has occurred, exposing the information of 7.5 million boAt customers, as per Forbes India’s report .
The leaked data comprises the Personally Identifiable Information (PII) of these customers, encompassing their names, addresses, phone numbers, email IDs, and additional details. This information surfaced on the dark web platform known as BreachForums. Initially totaling 13GB, the data was compressed to 2GB and uploaded onto the platform by a threat actor operating under the alias ShopifyGUY.
It appears that this is the debut leak by the threat actor, who seems to be new to the nefarious world of cyberattacks. The compressed data is up for grabs on the forum for a mere 8 credits, translating to approximately $2 or Rs 180. Consequently, one can speculate that the highly sensitive data is likely to be accessed by individuals with malicious intent. Subsequently, it’s only a matter of time before these customers become targets of phishing attacks, identity theft, and other illicit activities.
According to the data trove, the information was leaked a month ago, and the threat actor uploaded it onto the forum just yesterday.
Threat Intelligence Researcher Saumay Srivastava highlights how threat actors could exploit this leaked data to obtain credit card information, gain unauthorized entry into bank accounts, and perpetrate other malicious activities. Srivastava emphasizes, “The consequences for companies include a loss of customer confidence, legal consequences, and reputational harm. The major implications make it even more essential to implement adequate security practices“
Subsequently, companies must glean insights from the missteps of others and fortify their privacy defenses to thwart similar attacks. The magnitude of data belonging to 7.5 million users cannot be trivialized. Yash Kadakia, Founder of Social Brigade, emphasized that boAt must transparently inform customers about the current situation and conduct a thorough investigation into the root cause of the data breach.
What to Do if You’ve Bought a boAt Product Past?
As of now, boAt has not addressed the data breach. However, it’s evident that they urgently need to enhance their security protocols to prevent similar breaches from happening again in the future.
If you’ve bought a boAt product previously, it’s possible that your data, such as phone number, email ID, and address, could have been compromised. We advise our readers to enhance their privacy by implementing measures like two-factor authentication (2FA) for their social media and banking accounts. Additionally, using robust passwords and regularly updating them is strongly recommended.
What are your thoughts on this entire debacle ? Share your opinions in the comments below.
0 Comments