The recent data breach concerning Zivame, an Indian online women’s intimate apparel store, has led to the exposure of customers’ personal information. The leaked information includes full names, phone numbers, email addresses, shipment addresses, and details about individual purchases, excluding any payment-related data1.
The data, which was allegedly sold by hackers on multiple forums, was found to match the personal information of some Zivame customers. The information was shared by a broker claiming to sell the data on behalf of a primary hacker1. Later, the data was pulled offline, apparently at the hacker’s request1.
Zivame has declined to comment on the apparent breach, and its chief technology and product officer, Monish Kaul, has not responded to queries regarding the incident1. The cybersecurity startup Technisanct first reported the availability of the exposed data on May 11. The company’s founder and CEO, Nandakishore Harikumar, conducted a manual verification of a sample of 50 email addresses and phone numbers from the data dump, and confirmed that the data belonged to Zivame customers1.
The complete set of leaked details and the full extent of the threat have yet to be determined1. India’s Computer Emergency Response Team (CERT-In) has been informed about the data breach and has stated that it is in the process of taking appropriate action with the concerned authority1.
Founded in 2011, Zivame was acquired by Reliance Retail, a subsidiary of Indian conglomerate Reliance Industries and the largest retailer in India in terms of revenues, in 20201.