From Digital Age to Nano Age. WorldWide.

Tag: Indian

Robotic Automations

Indian audio giant boAt says it's investigating suspected customer data breach | TechCrunch

India’s largest audio and wearables brand boAt is investigating a possible data breach after hackers advertised a cache of alleged customer data online.

A sample of alleged customer data was uploaded on a known cybercrime forum, which includes full names, phone numbers, email addresses, mailing addresses and order numbers. A portion of the data that TechCrunch reviewed appears genuine based on checks against exposed phone numbers.

The hacker said the breach happened in March, which led to the compromise of the data of more than 7.5 million customers.

In a statement emailed to TechCrunch, boAt said it was investigating the matter but did not disclose specifics.

“boAt is aware of recent claims regarding a potential data leak involving customer information. We take these claims seriously and have immediately launched a comprehensive investigation. At boAt, safeguarding customer data is our top priority,” the company said.

The leaked data includes references to Shopify. Indian outlet Athenil reported that the alleged hackers claimed the data was obtained by using credentials stolen from boAt’s systems.

boAt, which counts Warburg Pincus and South Lake Investment among its key investors, leads the market of wireless earbuds in India with nearly 34% share, according to data provided by IDC. boAt also dominates India’s wearables market, boasting some 26% of the market share.

In 2022, boAt, which was valued at $300 million in its Series B round of $100 million 2021, filed for its IPO to raise up to $266 million. The brand, however, postponed its public listing plans after seeing a slowdown in the public market.

Software Development in Sri Lanka

Robotic Automations

Indian ride-hailing giant Ola quits UK, Australia and NZ in international pullback | TechCrunch

Indian ride-hailing giant Ola is shutting down its operations in the U.K., Australia and New Zealand, six years after expanding to international markets, as it shifts focus to shoring up its domestic business ahead of an initial public offering.

An Ola spokesperson told TechCrunch that the SoftBank-backed ride-hailing startup sees “immense opportunity for expansion in India,” where it operates in hundreds of cities and offers a range of transportation options, including two-wheelers.

“With this clear focus, we’ve reassessed our priorities and have decided to shut down our overseas ride-hailing business in its current form in the U.K., Australia and New Zealand,” the spokesperson added.

Valued at $7.3 billion in 2021, Ola is among the most high-profile startups in India and is backed by some of the biggest names, including Temasek, Tiger Global and Warburg Pincus. The startup plans to file for an initial public offering after the public listing of Ola Electric, the electric two-wheeler brand in India that spun out of Ola.

Ola Electric is looking to raise $662 million from its IPO in India, according to paperwork it filed late last year.

Ola and Uber, its chief rival in India, slowed their domestic expansion during the pandemic and have since largely focused on improving their unit economics. The two firms have explored merging businesses in recent years, but have been unable to reach an agreement. Both continue to insist publicly that they have no interest in partnering with the rival. (Uber sold its Indian food delivery business to local giant Zomato in early 2020.)

Uber chief executive Dara Khosrowshahi recently told Indian daily Economic Times that the ride-hailing app’s market share has never been higher in the South Asian market.

“While (rival) Ola focuses on other areas … we love the ride-sharing business. We also continue to expand into new categories and are dedicated to sustainability. Some of our competitors are distracted by shiny, new efforts and IPOs; that’s great. I’m undistracted and completely focused on the mobility business here as there’s an enormous amount of upside for us and our positioning has never been better,” the Economic Times quoted Khosrowshahi as saying.

Software Development in Sri Lanka

Robotic Automations

Indian government's cloud spilled citizens' personal data online for years | TechCrunch

The Indian government has finally resolved a years-long cybersecurity issue that exposed reams of sensitive data about its citizens. A security researcher exclusively told TechCrunch he found at least hundreds of documents containing citizens’ personal information — including Aadhaar numbers, COVID-19 vaccination data, and passport details — spilling online for anyone to access.

At fault was the Indian government’s cloud service, dubbed S3WaaS, which is billed as a “secure and scalable” system for building and hosting Indian government websites.

Security researcher Sourajeet Majumder told TechCrunch that he found a misconfiguration in 2022 that was exposing citizens’ personal information stored on S3WaaS to the open internet. Because the private documents were inadvertently made public, search engines also indexed the documents, allowing anyone to actively search the internet for the sensitive private citizen data.

With support from digital rights organization the Internet Freedom Foundation, Majumder reported the incident at the time to India’s computer emergency response team, known as CERT-In, and the Indian government’s National Informatics Centre.

CERT-In quickly acknowledged the issue, and links containing sensitive files from public search engines were pulled down.

But Majumder said that despite repeated warnings about the data spill, the Indian government cloud service was still exposing some individuals’ personal information as recently as last week.

With evidence of ongoing exposures of private data, Majumder asked TechCrunch for help getting the remaining data secured. Majumder said that some citizens’ sensitive data began spilling online long after he first disclosed the misconfiguration in 2022.

TechCrunch reported some of the exposed data to CERT-In. Majumder confirmed that those files are no longer publicly accessible.

When reached prior to publication, CERT-In did not object to TechCrunch publishing details of the security lapse. Representatives for the National Informatics Centre and S3WaaS did not respond to a request for comment.

Majumder said it was not possible to accurately estimate the true extent of this data leak, but warned that bad actors were purportedly selling the data on a known cybercrime forum before it was shuttered by U.S. authorities. CERT-In would not say if bad actors accessed the exposed data.

The exposed data, Majumder said, potentially puts citizens at risk of identity thefts and scams.

“More than that, when sensitive health information like COVID test results and vaccine records get out, it’s not just our medical privacy that’s compromised — it stirs fears of discrimination and social rejection,” he said.

Majumder noted that this incident should be a “wake-up call for security reforms.”

Software Development in Sri Lanka