Rentomojo Reports Data Breach Of Its 1.5 Lakh Subscribers
The online furniture rental marketplace start-up Rentomojo (Edunetwork Pvt. Ltd.) has reported a data breach which affected its 1.5 lakh subscribers.
Rentomojo, an online rental marketplace start-up operated by Edunetwork Pvt. Ltd. since 2014, provides users in Bengaluru, Mumbai, Delhi NCR, and Pune the opportunity to rent furniture, utilities, and motorbikes on a subscription basis.
Unfortunately, the start-up recently reported a data breach that is likely to affect its 1.5 lakh subscribers. Rentomojo has alerted the appropriate authorities and is fully cooperating with the ongoing investigation.
In an email to subscribers, Rentomojo disclosed that their team had detected a security breach. They explained that attackers had gained unauthorized access to one of their databases, exploiting a cloud misconfiguration through extremely sophisticated attacks, which led to the unauthorized access of customer data, including personally identifiable information.
The start-up did confirm that the breach would have no effect on financial information, such as credit cards, debit cards, or UPI, as they do not store this information in their database.
Rentomojo has taken several measures in response to the data breach, including securing and encrypting all information in their database.
They implemented advanced security practices such as intelligent threat detection, sensitive data discovery, and logging IP traffic, multi-factor authentication for additional protection.
The company did ongoing security audits and vulnerability assessments to identify and mitigate risks, rotating access tokens and updating all passwords, and implementing endpoint detection and response for their network. They have also reviewed all third-party and open-source plugins and integrations.
Despite the measures taken, several Rentomojo users have taken to social media seeking an explanation from the company.
One user reported that their confidential information had been exposed due to the data breach, and hackers were blackmailing them to release personal data.
Another user claimed to have received a mail stating data breach from their Rentomojo account, and it claims to make their data public since the company did not respond to their demands.
Rentomojo assures its customers that it is doing everything in its power to mitigate the risks associated with the data breach. They have urged their users to stay vigilant and report any suspicious activity immediately.