Home News After Juspay, ClickIndia, ChqBook and WedMeGood Allegedly Suffer Data Breaches

After Juspay, ClickIndia, ChqBook and WedMeGood Allegedly Suffer Data Breaches

Hacker group named “ShinyHunters” is allegedly selling databases belonging to three Indian companies ClickIndia, ChqBook, and WedMeGood on the dark web.

Patchwork BADNEWS, APT31 threat group

Threat actors behind the recent Juspay data breach, which compromised 35 million of its users’ credit and debit card details, are now selling databases of three more India-based enterprises – ClickIndia, ChqBook, and WedMeGood on Darknet forums. ClickIndia is an E-marketplace, ChqBook is a fintech startup, and WedMeGood is a wedding planning platform. All three companies have a significant customer base and hold a lot of sensitive information.

According to cybersecurity researcher Rajshekhar Rajaharia, threat actors that go by the name “ShinyHunters” are selling data dumps that contain 8 million records of ClickIndia (name, email, mobile and other personal details), 1 million records of ChqBook (name, email, mobile, full address, and other personal details), and 1.3 million from WedMeGood (name, email, hashed password, other sensitive personal information). Rajaharia has opined that there might be some connection between all these data breaches.

As per reports, ShinyHunters was also behind the BigBasket data breach, previously reported by the security firm Cyble in November 2020. BigBasket, an India-based grocery e-commerce platform, suffered a data breach incident that exposed personal details of over two crore customers. The stolen database was available for sale on a dark web market. Hackers sold the database for over $40,000 with the table name “member_member.” The size of the database (SQL file) was around 15 GB and contained over 20 million customers’ personal data.