In a significant cybersecurity incident, India’s leading audio brand, boAt, has suffered a data breach that has left the personal information of over 7.5 million customers exposed and up for sale on the dark web. The leak also threatens the impacted users’ bank accounts and other private data.
The breach was first reported by Forbes India, which detailed that around 2GB of data containing Personally Identifiable Information (PII) such as names, addresses, phone numbers, email addresses, and customer IDs was leaked. The data appeared on a dark web forum, reportedly put up by a hacker known as ShopifyGUY on April 5, 2024. The leak has 75,50,000 entries, suggesting many users’ data was impacted.
This data breach poses a severe risk to affected BoAt customers, potentially exposing them to identity theft, financial fraud, and phishing attacks. Cybercriminals could use the leaked information to gain unauthorised access to bank accounts, make fraudulent transactions, or conduct sophisticated social engineering attacks.
Read More: Nothing Phone (2a) Pro/Plus Is In Works: Report
Sophisticated social engineering attacks could be framed by threat actors leveraging the personal details of individuals to get access to bank accounts, conduct transactions, and use credit cards fraudulently, explains Threat Intelligence Researcher Saumay Srivastava to the publication. “The consequences for companies include a loss of customer confidence, legal consequences, and reputational harm. The major implications make it even more essential to implement adequate security practices,” he adds
One of the security analysts suggests that the hackers gained access to the boAt customer database at least one month ago based on the release timeline. The profile of the leaker is relatively new, as they only have a single leak under their name as of now, and it is of BoAt.
The leaked data’s appearance on the dark web has serious implications for boAt’s reputation and customer trust. The company, known for its popular audio products and smart wearables, has yet to formally acknowledge the breach or outline steps to mitigate the impact on its customers.