Reports have begun circulating that Zee5, an on-demand Internet streaming service based in India, that’s available almost everywhere globally except the US, may have suffered another data breach — this time reportedly putting some 9 million users’ private data at risk of being exploited by hackers.
Previous Zee5 data leaks were reported last year. What sparked this new episode, about which Zee5 has been quiet thus far, is a tweet a few days ago from an independent Internet security researcher, who wrote the following: “9 Million users data alleged leaked from #Zee5 again!! It seems latest data leak on 23rd Feb 2021. I sure no one is going to take responsibility for this too. Now we can say that there is no value of our personal and financial data. Risk is ours.”
As noted by a TechRadar report, the streaming service apparently responded to the security researcher, Rajshekhar Rajaharia, via Twitter, but this tweet has now apparently been deleted: “Our viewers’ privacy is our top priority and we’ll surely look into it. Kindly avoid posting such details on a public platform. Please consider deleting the same & send us a direct message with all the details. We’ll look into the issue.”
9 Million users data alleged leaked from #Zee5 again!! It seems latest data leak on 23rd Feb 2021. I sure no one is going to take responsablity for this too. Now we can say that there is no value of our personal and financial data. Risk is ours.#InfoSec #dataprotection #GDPR pic.twitter.com/gzFTnTQ6W9
— Rajshekhar Rajaharia (@rajaharia) February 27, 2021
Zee5 claimed to have almost 66 million monthly active users as of December 2020, and a Sensor Tower report from last summer pegged the app as one of the top streaming apps worldwide (for the month of June). At the time, the user base was by and large concentrated in Pakistan, India, and the United Arab Emirates.
According to India media site Inc42, multiple Indian ventures have been hit by cyberattacks already this year, including payments processor Juspay — which had details associated with payment transactions leaked. And as we’ve been reporting, even though we’re only barely into the third month of the year, there has already been a slew of data breaches and other assorted infosec attacks reported closer to home, such as the hack of a vendor that could have put information at risk for anyone who has dealt with California’s DMV over the past year.
Likewise, a shockingly large pile of user credentials was published on the Internet in recent weeks, as part of a data set that has been formally called the Compilation of Many Breaches (or, COMB). It included some 3.2 billion email-and-password combinations that weren’t stolen as a result of a new data breach — rather, these were published in the aggregate following multiple previous data breaches.
This is as good an opportunity as any to remind everyone that it’s always a good idea to check out sites like Have I Been Pwned, a searchable database of stolen credentials from news outlet CyberNews, as well as Avast’s “Hack Check” site, to see if any of your account data has been stolen (in these or other hacks).