Personal data of around 3.5 million Zoomcar users has been up for sale on what is known as the Dark Web since Thursday, according to a cybersecurity consultant.
Dark Web refers to that area of cyberspace where content cannot be searched using normal search engines because it is encrypted.
The data includes names, email ids, passwords, mobile numbers and IP addresses. The hacker is offering to sell data of 9 million Zoomcar users for $300.
“The hacker has been privately selling the data for $300 but now he has made it public on the Dark Web,” said Rajshekhar Rajaharia, the cybersecurity consultant who alerted Zoomcar about the hacker’s plan.
Zoomcar competes with other self-drive car rental startups such as Drivezy and Revv. The data breach took place in July 2018, according to the hacker.
Hackers avoid offering the stolen data for sale soon after a breach since that makes it easier for law enforcement officials to track their internet protocol (IP) addresses, Rajaharia said. Selling the data after a year makes it difficult to track the source of the breach. Zoomcar did not reply to an email seeking comment.
In January, Zoomcar raised $30 million (Rs 213 crore) in a fresh funding round led by Sony Innovation Fund, the venture arm of Japanese electronics giant Sony, as part of its ongoing $100 million Series D round.