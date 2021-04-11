The dust is yet to settle on the MobiKwik alleged data leak, another major security breach in a reputed Indian news portal has come to light. An independent security researcher has highlighted a major server breach, which has allegedly exposed personal data of 40 million users. But the hackers, who allegedly exploited a vulnerability in the portal's server, are reportedly selling records of 700,000 users.

Sourajeet Majumder, the security researcher, who reported the breach, said a user of a hacking forum is selling personal data of over 700,000 users for just $350. The hackers have reportedly refused to sell the entire trove of 40 million records, citing "other plans."

Majumder claimed that he received a sample of around 40 accounts as sample, which he verified and said had all valid credentials, including email addresses of legit users. He further added that the hackers would sell the data to 5 buyers for $350, but if a single buyer chooses to purchase it all then the cost shoots up to €650.

Servers are secure, no risk to users

"If the claims made by these sellers are authentic, then it's unfortunate to say that a massive number of people's data is at stake," Majumder noted.

The vulnerability has since been fixed, the hackers have confirmed, but the news portal hasn't issued a public statement in the matter.

Without confirming if the cyberattack took place, the network's CTO Pandurang Nayak said: "Prima facie this appears to be an old data set. Information pertaining to current users is absolutely safe. The organisation takes its responsibility towards information security very seriously. The best systems and protocols are in place to prevent data breaches. We review our systems periodically and constantly work to improve the security of our information based on feedback received."

However, some users said that the subscribers have received an email with new login credentials, which are likely to be in response to the breach. An official confirmation is awaited.