Indian property site hack leads to 2 million users’ data exposed
PropTiger responds to the report of cyber breach. Here’s what it has to say.Updated: Mar 27, 2020 18:03 IST
UPDATE: PropTiger has released a statement on the issue.Here’s what it says: “As recently stated by the company, it experienced a cyber-attack in March 2020 on one of its data servers, where one data file containing a limited number of e-mails and some encrypted data was illegally extracted. No financial data was compromised during this incident. We deny the claims of any kind of data breach in the year 2018 or before,” a PropTiger spokesperson said in a statement.
“Although the company is unaware of any actual misuse of the information, we are notifying potentially affected customers about the incident, and about things they can do to protect themselves. We are working with a leading cybersecurity firm to phase out affected systems and to accelerate the ongoing security enhancements to our platform to safeguard customer information and prevent a future breach,” the spokesperson added.
Private data of more than 2 million users were shared on a hacking forum following a major security breach of the Indian property website PropTiger in 2018.
According to a new Have I been pwned alert, the exposed data contains both user records and login histories with more than 2 million unique customer email addresses. The data that was exposed on the hacking forum also included personal information such as IP addresses, password stored as MD5 hashes, dates of birth, and names among others.
New breach: PropTiger had a 2018 database file exposed and shared on a popular hacking forum last month. Exposed data included user records and login histories containing over 2M unique email addresses. 69% were already in @haveibeenpwned #breach— Black_Hat_India (@black_hat_india) March 24, 2020
#RT @haveibeenpwned: New breach: PropTiger had a 2018 database file exposed and shared on a popular hacking forum last month. Exposed data included user records and login histories containing over 2M unique email addresses. 69% were already in @haveibeen… https://t.co/SxpPZ1iiy2— Simon Foster (@funkysi1701) March 24, 2020
“In January 2018, the Indian property website PropTiger suffered a data breach which resulted in a 3.46GB database file being exposed and subsequently shared extensively on a popular hacking forum 2 years later,” said an email alert sent to users affected by the breach.
“PropTiger advised they believe the usability of the data is “limited” due to how certain data attributes were generated and stored,” it added.
According the security alert, 2,156,921 users affected by the security breach.
Based on Gurgaon, Haryana, PropTiger is an independent real estate advisor with a pan-India presence, according to Crunchbase. The platform says it has more than 500 relation managers spread across the country.