
vpnMentor spots a data breach in Credit Fair, Chqbook Database

ET Bureau
Last Updated: Aug 01, 2019, 09.08 AM IST | Original: Aug 01, 2019, 09.08 AM IST
Bengaluru: A website focused on virtual private networks, vpnMentor, discovered a breach in the databases of financial services firms Credit Fair and Chqbook on July 24 and alerted both companies to the risk, ET has learnt.

Credit Fair offers customers access to small personal loans, while Chqbook lets customers compare personal finance products such as loans and credit cards, based on their financial status.

Both Credit Fair and Chqbook require customers to provide considerable personal and financial details on their websites.

“The databases were unencrypted and completely unsecured, creating a huge risk for customers of both companies,” vpnMentor told ET. The breaches were discovered by Noam Rotem and Ran Locar from the firm’s research team, it said, sharing the data related to the breach exclusively with ET.

vpnMentor, which had earlier reported multiple such incidents globally, said these breaches were found as a result of a web mapping project.

“Our hackers use port scanning to examine particular IP blocks and test open holes in systems for weaknesses. They examine each hole for data being leaked. Our team discovered that both Credit Fair and Chqbook’s entire databases were unprotected and unencrypted. The companies use an Elasticsearch database, which is ordinarily not designed for URL use,” it said.

Through Credit Fair’s unsecured database, vpnMentor said it accessed personal details like names, phone numbers, addresses, birth dates, PAN and Aadhaar numbers, IP addresses and more. Altogether, it accessed 44,000 customer records. vpnMentor reported the vulnerability to the Mumbai-based firm, but had not yet received a response, it said.

Credit Fair did not respond to an email on the developments. ET could not independently verify whether its website had been breached.

For Chqbook, vpnMentor discovered that it could access personal details, along with details of cards and payments, monthly income, employment profile and user ID, among others. The VPN site said Chqbook secured the database leak within 48 hours of reporting.

Vipul Sharma, founder and CEO of Chqbook, told ET, "We have received an email from a VPN company and are investigating the same and are in touch with them. Chqbook takes pride in our security layers and measures we have on the platform, and would like to put on record that customer data is intact and we have conducted checks for the same internally."

Data breaches in India cost organisations about Rs 12.8 crore on average between July 2018 and April 2019, according to an IBM-sponsored report. The average total cost of data breaches globally was $3.92 million (about Rs 27.03 crore), with the average size of the breach pegged at 25,575 records, as per the report.

Data breaches allow criminals to commit identity fraud, hack and take over accounts, phish or extort victims, and carry out other illegal activities. With access to a user's financial details, criminals can hold that user to ransom or extort them.

Advertisers and scam artists can also use data breaches to create precisely targeted, manipulative and exploitative ad campaigns on social media to push products or services on to vulnerable customers.




Copyright © 2020 Bennett, Coleman & Co. Ltd. All rights reserved. For reprint rights: Times Syndication Service