Indian pharmacy retail chain MedPlus Health Services Limited may have been the victim of a data breach after a threat actor offered to sell a database, allegedly stolen in a cyber attack on MedPlus, on a cybercrime forum.
The threat actor, who goes by the name ‘0x3a0’ on the dark web forum, claims to have exfiltrated the database from a subdomain of medplusindia.com.
According to the threat actor’s post, the database consists of sensitive information, including personally identifiable information (PII) and authorization credentials of 17,192 users, 301 employees, 68,311 web login users in two separate data tables, and the database administrator.
While the threat actor did not quote a price for the data on sale, they did show a willingness to provide proof of it.
The MedPlus cyber attack, if confirmed, would represent a major security breach. MedPlus is the second-largest pharmacy chain in India, operating over 3,000 pharmacy stores across 497 cities.
The official website of the company was accessible at the time of writing. The Cyber Express has contacted MedPlus for comment and has yet to receive a reply.
MedPlus Data Breach – Huge User Data at Risk
In the post, the threat actor claimed to be in possession of names, email addresses, login credentials, and contact numbers stolen in the MedPlus data breach.
Little is known about the nature of the cyber attack or the date on which it took place. However, the threat actor 0x3a0 said, “price negotiable, proof in private,” on the data sale post.
This suggests that they intend to make money from the MedPlus data breach and may be reluctant to leak even data samples as proof for free.
MedPlus Cyber Attack Claims Made on The Cybercrime Forum
0x3a0 was found offering data stolen from a subdomain of medplusindia.com. A MySQL database was exploited in the MedPlus cyber attack and put up for sale.
The post claimed to have the following user data from the MedPlus cyber attack:
- Besides the personally identifiable information, the authorization credentials of the 17,192 users were also stolen by the cybercriminal.
- Information about 301 employees of MedPlus was also on sale on the cybercrime forum. This section included data about user departments, employee numbers, phone numbers, email addresses, and usernames with passwords.
- A MySQL database with web login details of 68,311 users was exfiltrated in the MedPlus cyber attack.
- The post also claimed to have access to the login credentials of another 10,287 users.
- They had 2 admin login credentials, with the password of one of them in plaintext format.
There is not much information about the threat actors involved in the MedPlus cyber attack. However, they have claimed to have more data, according to the message on the post.
The MedPlus cyber attack underscores the pressing need for improved cybersecurity measures in the Indian pharmacy sector. As these incidents continue to wreak havoc in the industry, the sector must prioritize data protection to safeguard sensitive user and employee information.
Data Breaches of MedPlus and Indian Pharmacies Raise Concerns
MedPlus was founded in 2006, and its shareholders include marquee investors Lavender Rose, from the Warburg Pincus group, and affiliates of Premji Invest.
With a total of 14,762 permanent full-time in-house employees working for it in a range of business activities, the company operates stores distributed across Tamil Nadu, Andhra Pradesh, Telangana, Karnataka, Odisha, West Bengal and Maharashtra, as of June 30, 2021.
This is not the first pharmacy-related cyberattack in India. Recently, India-based Sun Pharmaceutical Industries Ltd. was targeted by a ransomware attack, which impacted the business operations of the company.
Speaking about the Sun Pharmacy cyber attack in a stock exchange filing, the company said, “As part of the containment measures, we proactively isolated our network and initiated the recovery process. As a result of these measures, Company’s business operations have been impacted.” The Sun Pharmacy cyberattack was reported on March 2, 2023.