On June 5, Dainik Bhaskar broke the news that the Rajasthan Police Special Operations Group (SOG) had caught the person who had hacked the online lingerie marketplace Zivame. The man, Sanjay Soni (who goes by @Cyber_Huntss on Twitter), allegedly had access to the data of 15 lakh Zivame customers – this included their names, email addresses, and contact numbers. The hack first became public news when the cybersecurity threat intelligence platform FalconFeedsio tweeted about it on April 11, saying that this data was being sold on Telegram.
Multiple vendors have allegedly kept https://t.co/UlrY5LOh8S database for sale through telegram channels and hackers forum. The claimed database of 1.5M records contains name, address, ph no, email, etc. Although authenticity of these claims are yet to verified.#India #darkweb… pic.twitter.com/0XAODOXjnl — FalconFeedsio (@FalconFeedsio) May 11, 2023
So what happened?
- On April 24, Zivame received an email from email@example.com saying that their servers had been hacked and that the hacker had access to the data of 15 lakh customers (out of Zivame's total of 92 lakh customers), according to the FIR filed by employees of Reliance Retail (of which Zivame is a subsidiary), which MediaNama reviewed. It is worth noting that ‘shadowhackerleaks’ is also the name of the group on which FalconFeedsio first found out about the leaked information.
- According to the FIR, the case was investigated under Section 66A of the IT Act (which calls for punishment for sending offensive messages), Section 295 A of the Indian Penal Code (IPC) (which calls for punishment for deliberate and malicious acts intended to outrage religious feelings) and Section 153 A of the IPC (which punishes those promoting enmity between different groups on grounds of religion, race, place of birth and residence).
- On May 16, Cyber_Huntss tagged Zivame in a tweet saying that their database had been hacked and that the hacked data belonged to “Hindu girls”. He claimed that the details had been shared with “several Muslim-dominated groups” and asked the company’s customers to file an FIR against Zivame.
- On May 24, the hacker contacted Zivame again from another email id, firstname.lastname@example.org, asking for a ransom and saying that Zivame’s server vulnerabilities had made it possible for the hacker to access the data of Hindu girls. The police told BoomLive that a Twitter user called Cyber Daku extorted $1500 from Zivame, of which $1000 had been transferred to Soni through cryptocurrency. The BoomLive report also mentioned that, despite the claims made by Soni and by the hacker in the email, the leaked data contained records of people belonging to multiple communities, with at least 100 names being of Muslim and Sikh customers.
- On May 25, a screenshot of the email sent to Zivame was leaked on the internet and was soon posted by Cyber_Huntss. Cyber_Huntss even posted an elaborate statement from the hacker exposing a Zivame engineer who paid him off without the knowledge of his supervisors.
1.5 Million Hindu girls details compromised which includes name, number, address and order details.
And all details been shared to muslims already. Do you want because of you unsecured servers hindu girls should get affected??
Guy’s, advocate in my following list… pic.twitter.com/gSNgkwRItN — Cyber Huntss (@Cyber_Huntss) May 16, 2023
First Ever Confirmation of Data Hacked of https://t.co/cUp6BtF6xo
Exposing Monish Kaul Security Researcher at https://t.co/cUp6BtF6xo From Shadow Hacker.
From Shadow Hacker: link to read here.https://t.co/e23SCcCn0Y
Hello, I am here to expose Monish… — Cyber Huntss (@Cyber_Huntss) May 25, 2023
Why it matters:
Data breaches can give hackers access to people’s private information, which can be used to carry out scams or even steal a person’s identity. What makes Zivame’s privacy breach so concerning is not just the breach itself but how it was being framed by Soni. By saying that the data of Hindu girls was being sent to Muslim groups, Soni seemed to be instigating communal disharmony.
This can be established by the fact that only a couple of days after his tweet about Zivame, on May 25, Soni posted screenshots of what he claimed was leaked data from the Indian Railway Catering and Tourism Corporation (IRCTC)’s website (which IRCTC later confirmed wasn’t true). He said that the leaked information was that of Hindu girl students. He made inflammatory comments saying that “Does anyone know the reason behind the sudden increase in the cases of love jihad and why Hindu women are always the target? How do jihadis get the number of these women? These screenshots will tell you why.”
To all Hindu Sanatani brothers and sisters, #Hacked_Data_Expose#Hacked_IRCTC_Data#Hacked_Girls_Student_Data
There is data of 40 lakh Hindu girls that has already been sold on the dark web, the deep web, and in Muslim countries.
It is your responsibility to read this and pass it on to more people; I have done my duty.
Your own safety… pic.twitter.com/T3fmMRO56V — Cyber Huntss (@Cyber_Huntss) May 25, 2023
What Soni has to say about the whole situation:
On June 7, Soni tweeted that the Rajasthan SOG had found nothing against him during their investigations and said that he has been released on bail.
Jai Shri Ram.
You have all seen everyone's story. Now let me tell you my story.
On the 29th, when the NCW summoned Zivame, a complaint was made against me over a phone call, without any written application being given, to save the company from disrepute, and SOG Jaipur took immediate action and within 30 minutes, me, outside the hospital, in the evening… — Cyber Huntss (@Cyber_Huntss) June 7, 2023
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.