DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Zee5 Data Breach: PII of 9 Million Zee5 Users’ Allegedly Leaked Online (updated with denial)

Posted on February 27, 2021 by Dissent

Manikanta Immanni reports:

Zee5, an Indian OTT platform with over 150 million users had a part of its userbase’s data leaked again. Found by Rajshekhar Rajaharia, an internet security researcher, over 9 million users of Zee5 allegedly leaked online earlier this week. This is the second time Zee5 in news for a data breach, with the first one happened in the mid-last year.

It’s quite certain that hackers are targeting OTT platforms lately since they’re growing rapidly amid lockdowns.

Read more on TechDator.

Update of March 5:  On March 1, DataBreaches.net received an email from “[email protected].” It was cc:d to “[email protected],” “[email protected],” and “[email protected].” The TL;DR version is that they wanted this site to remove the above post, “failing which our client will be forced to initiate action.”

They probably had not read the “About” page of this site. In any event, DataBreaches.net declined to remove the post, but offered to update it or correct it if Zee5 sent a statement that explained the incident and/or what they found in the investigation their Twitter team had mentioned on February 27.  They did not respond to this site’s inquiry.

Today, Business Insider reports:

Days after an independent Internet Security Researcher, Rajshekhar Rajaharia tweeted about an alleged data breach at over-the-top (OTT) platform Zee5’s, a top executive has denied the claim.

“The security of our consumer’s personal data and information is top priority for us. After we came across this information, we have done a full audit again. Our systems are not showing any such breach,” said Manish Kalra, Chief Business Officer, ZEE5 India.

Read more on Business Insider.

Zee5 does not seem to explain how what appears to be real data — names and email addresses — wound up in the data that was provided by the unnamed hacker who gave data to Rajshekhar Rajaharia. Do any of their databases have the structure and fields that would be consistent with the data sample provided to the researcher by the alleged hacker or was there no correspondence at all?

Because Aiplex did not respond to this site’s inquiry of March 1, DataBreaches.net sent emails to a sample of those in the data sample provided by the hacker (a copy was made available to this site). While no one responded to confirm that they were customers and their data was valid, not one of the emails bounced back as unknown user.  And then, too, Rajaharia, who states he has worked with the government and law enforcement in the past, claims that as a customer, his data was in there, too.

Like a French security researcher who calls himself “@fs0c131y” (Robert Baptiste) on Twitter, Rajaharia appears to be a thorn in the side of Indian firms, calling out their security vulnerabilities and leaks publicly if they do not respond to his attempts at responsible disclosure. Threatening researchers to try to chill their disclosures may work in some cases, but is unlikely to work with researchers like Baptiste or Rajaharia.

So who conducted the “full audit” for Zee5? Was it its own employees, who might be motivated to cover up any breach if it involved an error on their part? Was it an external firm known to be experts?  It would be nice to know more — including more about the anonymous hacker/source, who may have a financial motivation to provide bad publicity for firms. And what will that hacker do now? Will they dump more data that they claim comes from Zee5?

DataBreaches.net will continue to follow the alleged breach which has now been formally denied.

Related posts:

  • Who is on TEKsystems Intel Leak
  • Forbes Breach Email Statistics
  • Meanwhile, over at Uber Leaks…
  • A further 512 websites hacked and defaced by HaX.R00T
Category: Breach Incidents

Post navigation

← NL: Secondary school in Lochem pays ransom after cyber attack criminals
T-Mobile discloses data breach after SIM swapping attacks →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.