Data breaches in two Indian fintech start-ups — Credit Fair and Chqbook were recently discovered by a web privacy research group called vpnMentor. While the former start-up has all to deal with online shopping credit to customers the latter is a finance marketplace which associates customers to credit cards, and personal loans providers. The research group's team found that "both Credit Fair and Chqbook’s entire databases were unprotected and unencrypted. Credit Fair uses a Mongo Database, while Chqbook uses Elastic Search, neither of which were protected with any password or firewall.” With regards to Chqbook, the research group 'claimed' to have accessed 67 GB of user information including sensitive data, like the user's telephone number, address , email, Credit card number, expiry date, transaction history, plain text passwords, gender, income and employment profile among other fields. However, Vipul Sharma the founder of Chqbook denied the research group's claim that 67 GB of user data was comprised, rather he said that 'Chqbook does not have that much volume of data.' In the case of Credit Fair, the research group said it was able to extract 44K user records containing fields, like phone number, detailed information of their loan applications, PAN number, IP address, session tokens, Aadhaar number, and more. The 'lending company' as of now has still not fixed the issue as per the research group's post of July 31. This is however not the first case of data breach in Indian start-ups, numerous well-known start-ups across various sectors have experienced at least one situation of data breach. Some recent ones include: Truecaller, Justdial, EarlySalary, Ixigo, FreshMenu, and Zomato. Hence keeping in mind the ever expanding number of data breaches in the nat ..
Support the originator by clicking the read the rest link below.
