W Power 2024

Hit with massive data breach, boAt loses data of 7.5 million customers

The audio and wearables brand lost around 2GB of data on the dark web forum. Personally identifiable information like name, address and contact number is available for purchase

Naandika Tripathi
Published: Apr 6, 2024 07:09:56 PM IST
Updated: Apr 8, 2024 06:14:37 PM IST

Hit with massive data breach, boAt loses data of 7.5 million customersImage: Shutterstock

Customer data for over 7.5 million boAt customers has appeared on the dark web. Personally identifiable information (PII)—like name, address, contact number, email ID, customer ID and more—is available for purchase. The threat actor has leaked around 2GB of data on the forum.

On April 5, a hacker named ShopifyGUY claimed to breach the data of audio products and smartwatch maker boAt Lifestyle. The threat actor dumped files of data breach with access to PII information of customers, which has 75,50,000 entries.

Forbes India verified the information by speaking to some of the customers who confirmed purchasing boAt products in the recent past.

These data breaches have an impact that goes beyond the immediate loss of personal information. People are more vulnerable to financial fraud, phishing scams and identity theft. Sophisticated social engineering attacks could be framed by threat actors leveraging personal details of individuals to get access to bank accounts, conduct transactions, and use credit cards fraudulently, explains Threat Intelligence Researcher Saumay Srivastava.

“The consequences for companies include a loss of customer confidence, legal consequences and reputational harm. The major implications make it even more essential to implement adequate security practices,” he adds.

An email sent to boAt Lifestyle did not elicit any response.

The leaker's profile (ShopifyGUY) is relatively new and only has this leak under his belt. As the data is genuine, the hacker will gain a good reputation among the forum community, which will increase their future data sales, explains Rakesh Krishnan, senior threat analyst at NetEnrich. “Considering the timeline, we can assume that the hackers gained access to the boAt customer database at least one month ago and put the data on the forum yesterday.”

Ideally, the company should notify all users, do a comprehensive investigation on how the attackers got in and what else they could access, and then obviously do a comprehensive revamp of their security measures to ensure they minimise the chance of this happening again, but realistically, it will deny and move on, unfortunately, explains Yash Kadakia, founder of Security Brigade. “The data is available for eight credits on some forums, so literally, it costs two euros to buy the data. It'll probably be available for free in a few days on Telegram. This data will be used by a lot of scammers for different phone and email scams.”

Founded in 2016 by Shark Tank judge Aman Gupta and Sameer Mehta, boAt has emerged as the second most popular wearable brand in the third quarter of 2023, as per an IDC report. The Gurugram-based company is widely popular among Indian consumers and is known for its reasonable earphones and other audio products. It also makes other products, like smartwatches and speakers.

A market leader in audio devices and wearables, boAt Lifestyle’s sales crossed Rs3,000 crore in March 2023. Its total revenue stood at Rs3,403.1 crore against Rs2,886.4 crore in FY22. Reportedly, boAt witnessed a net loss of Rs129.4 crore in FY23 after posting a profit of Rs68.7 crore in FY22.

The homegrown consumer electronics company filed its IPO papers in 2021, but deferred it due to market volatility. In October 2022, its parent company, Imagine Marketing, raised Rs500 crore from an existing shareholder, a Warburg Pincus affiliate, and a new investor, Malabar Investments. Overall, the company has raised a total of $177 million to date from investors such as Qualcomm Ventures, InnoVen Capital, Navi Technologies and Fireside Ventures, among others.

boAt competes against companies like Fire-Boltt, Noise, Xiaomi and Samsung.

The story will be updated if the company responds.

Post Your Comment
Required
Required, will not be published
All comments are moderated