In separate incidents of reported data breaches, Instagram, JustDial, and Truecaller are the latest targets exposing personal data of millions of users.
In the case of Instagram, the breach has resulted in exposure of personal details, the number of followers, bios, and pictures of millions of online influencers, brands, and celebrities. The breach has been traced back to an Indian social media marketing firm, Chatrbox, which pays influencers to run ad campaigns. Currently, Instagram is investigating the breach and trying to understand how the data became publicly available. It is reported that the database containing the breached data was hosted on AWS without a password!
Truecaller, the caller identity app, on the other hand has denied any data breach that has reportedly resulted in personal details of millions of users being available for sale on the dark web. It is also being reported that the breached personal details of global app users is available for 25,000 Euros while that of Indian users—which incidentally constitute a major chunk of the company's app users—is available for 2,000 Euros.
The JustDial data breach is reported to have exposed the personal details—names, phone numbers, email IDs, date of birth, residence address—of over 100 million users. Of the compromised records were about 70% users that had called the company's customer care number, even though they may not have used the company's app. Reportedly, the company switched over to a revamped website recently, leaving the old website unattended. The unprotected APIs of the old website are believed to have acted as a weak link that provided an easy access to the hackers.
Increasing incidents of data breach and the personal information of millions of online users reaching the dark web is a worrying trend. In the digital world, where it is not a matter of 'if' but 'when' an organization will be targeted by the hackers, it becomes imperative that organizations, worldwide, address these vulnerabilities and deploy adequate mechanisms to protect their customer data from potential exposure.
The article has been written by Neetu Katyal, Content and Marketing Consultant
She can be reached on LinkedIn.