Weeks after Indian furniture and appliance rental service RentoMojo confirmed a data breach, hackers claimed to have added the company database to a hacker forum.
The RentoMojo cyber attack came to light after the company informed its customers via email, sharing details about the RentoMojo data breach where the hacker gained unauthorized access to their databases.
While the company had assured its users that the RentoMojo cyber attack did not compromise the financial information, the recent RentoMojo data breach update says otherwise.
In a tweet, @FalconFeedsio shared a screenshot featuring an update by ShinyHunters claiming to have downloaded RentoMojo database that included sensitive documents like bank statements, passports, ID cards, driver’s licences, and other personal data.
“We got in touch with RentoMojo (more specifically Prabhat Verma) about this matter and later told their users that we downloaded terabytes of KYC including bank documents, passports, ID cards, driver’s licences etc,” read the post by the data breach forum member under the alias ShinyHunters.
“Nonetheless, it seems RentoMojo is unwilling to pay a single penny despite working tirelessly 24*7 to mitigate the impact,” the post added, with a threat to upload KYC.
RentoMojo Cyber Attack update
The RentoMojo cyber attack came to light after the company sent a mail on 20 April to its users, including this reporter, informing them about a data breach. Many users also took to social media platforms such as Reddit to post details regarding the security incident.
In the email titled “Important Security Notice: Data Breach & Enhanced Security Measures”, the company informed its subscribers regarding the data breach, its impact, and what they need to do to ensure that they are safe.
Following the initial response to the RentoMojo cyber attack, the company is yet to release a statement or an update regarding the security incident.
However, they had earlier shared with the users that they had reported the incident to the appropriate authorities and were cooperating with the ongoing investigation.
Moreover, they had also stated to have implemented the following to prevent such data breaches in the future:
- Secured the database and encrypted all information stored in our database.
- Strengthening our infrastructure with advanced security practices like Intelligent Threat Detection, Sensitive Data Discovery and logging IP traffic
- Implemented multi-factor authentication (MFA) for additional layers of protection
- Ongoing security audits and vulnerability assessments to identify and mitigate further risks
- Rotated all the access tokens and updated all passwords immediately
- Implemented Endpoint Detection and Response (EDR) for our network
- Reviewed all the third-party and open-source plugins and integrations
The Indian-based online rental furniture and appliances company was founded in 2014. Rentomojo’s business model is built on the concept of the sharing economy, where customers can rent products instead of buying them, making it a more cost-effective and sustainable option.
According to a recent report by YourStory, Rentomojo has seen a 5x growth in revenue, with a gross revenue run rate of approximately $27 million as of December 2021, a significant increase from its previous annual revenue of approximately $5 million.
Rentomojo’s customer base range from young professionals, students, and newly married couples who are looking to furnish their homes to corporate clients who need to set up temporary office spaces, such as startups, freelancers, and MNCs.
This wide reach intensifies the harm of a possible RentoMojo cyber attack.