Data of 1.5 million Zivame users has been breached and put up for sale in exchange for crypto.
Personal data of several customers of Zivame, an Indian online lingerie and intimate wear retailer owned by Reliance, has reportedly been breached and put up for sale on multiple forums. According to a report by TechCrunch, the data breach has exposed full names, phone numbers, email addresses and even shipping addresses of Zivame customers.
Personal information of 1.5 million Zivame customers has been put up for sale, another report by India Today noted. The India Today Open Source Intelligence (OSINT) team, disguised as a potential customer, reached out on Telegram to one of the threat actors who claimed to possess the alleged data. The person was willing to sell the complete set of 1.5 million Zivame users' data for $500 in cryptocurrencies, the report added. The data breach is extremely sensitive given that Zivame primarily sells innerwear for women.
India Today reported that, during its operation, the seller insisted that the data they were selling was not publicly available. The outlet further shared screenshots of a sample data set shared by the seller, which contained user names, addresses, and contact details of more than 1,500 customers. The dealer insisted on receiving payment only in crypto, a common practice for sellers in such cases. The media organization verified the details given by the seller by speaking with some of the users, who confirmed they are Zivame customers and that the names and details were correct.
Founded in 2011 and acquired by Reliance Retail in 2020, Zivame offers a personalized shopping experience for women’s innerwear. The company operates primarily through its e-commerce platform, allowing customers to browse and purchase products online, and also has some physical stores in selected cities.
Zivame has not yet commented on the data breach. Meanwhile, TechCrunch highlighted that it informed India’s Computer Emergency Response Team, or CERT-In, about the data breach on Friday. The national nodal agency for responding to and addressing cybersecurity incidents in the country said, as reported by the media organization, that it is “already in process of taking appropriate action with the concerned authority.”