IndiaMART data breach: 40,000 company records discovered on cybercrime forums

Jessica Haworth 25 June 2020 at 11:36 UTCUpdated: 25 June 2020 at 18:26 UTC

Researchers say sensitive information is for sale on two separate underground marketplaces



A breach at online marketplace IndiaMART has leaked the sensitive data of more than 40,000 suppliers.


IndiaMART is a business-to-business e-commerce site, connecting suppliers from across India. Last year, the official app had 10 million downloads.


Researcher Ashok Krishna from threat monitoring platform CloudSEK discovered that data belonging to thousands of suppliers was being sold on online forums.


The same set of information, estimated to be around 44,000 records, appears to be for sale on two separate underground websites.


Krishna investigated a sample of one of the datasets, posted for sale on June 20, and found it contained 44 separate records.


Each record was said to consist of sensitive information including suppliers’ user IDs, full names, addresses, email addresses, and phone numbers.


IndiaMART supplier data was found on two underground forums


Krishna says he used publicly found sources to verify that the data was legitimate. The sample contains records registered in February 2016, primarily from the Indian state of Gujarat.


These details could be used in a number of ways, including being utilized for phishing campaigns, scams, and even identity theft, explains CloudSEK.


“Usually our mobile numbers and email IDs are linked to bank ..

Support the originator by clicking the read the rest link below.