On March 8, 2020, I got a message from my friend that Foodmandu’s 50K users data have been leaked and was publicly disclosed by a hacker. Later when I see the news, it was real and data was readily available where users: name, address and phone numbers were shared.
Following that day, within last 40 days i.e by April 16, 2020 there have been reported case of around 5 threats. Leading tech firms Mercantile and Internet service provider Vianet became the victim. In the same period, one incident also happened which gains much more popular which was Siran Tech a sister company of F1 Soft, a part of Esewa, access to the news portal named kathmandu press.
Lets dig into each cases thoroughly.
On Saturday, 7th March 2020, Foodmandu, the food delivery platform in Nepal, faced the data breach and 50 thousand users data have been stolen. The stolen information has an name, email addresses, personal phone numbers, longitude/latitude (GPS points) and location of customers. This all went in the Saturday night as informed later by Foodmandu in the press release.
The twitter handler mr_mugger have stated that “he is tired of how foodmandu neglect the security vulnerabilities” as below. Now, this tweet is deleted and we cannot find it. Later, this accessed information was publicly shared in github.
Issuing a press statement, the company stated that Foodmandu encountered an unfortunate event of data breach on Saturday night. “We detected a cyber-attack which resulted in unauthorized access of customers’ data, particularly name, address, email address and phone number,” the company said in a statement and claimed that the loophole was immediately addressed and the company is conducting further investigations. The detail press release is below.
Data breach is the access of the information from the database without any authorization or approval. This types of breach/access happens all around the world and many company have paid a heavy loss.
Data breach is possible when there is loophole in the system. Loophole is the weak point from where hackers or intruder gets access to the system and gets the data. In Foodmandu also, this was the scenario. However, they immediately fix the loophole.
In August 2013, 3 billion data records have been stole from Yahoo. It is considered as the top data breach in the history.
There are several practices done to prevent the data breach. The few are listed below.
This threats have given a better lesson to all the nepalese company’s about the security risks they have posed or might posed. Now its time to adopt and strengthen the security of each databases including online portal, eCommerce website, data center and many more.
The security threats on Vianet, Mercantile and Kathmanduexpress.
What do you think need to stop such threats in future? Let your words speaks louder than voice in the comment section below.
International companies like Google, Facebook, TikTok, Netflix and among 20 companies have been registered in…
The document "Procedure Relating to Digital Service Tax, 2079" is a guideline issued by Nepal's…
TikTok, social media platform have been officially registered in Nepal. This was an effect as…
Ncell, one of largest private sector telecommunication giant in Nepal gets its license renew for…
Nepal Rastra Bank (NRB) is preparing to welcome PayPal in Nepal. NRB has been putting…
Nepal government have finally unbanned the previously banned social media app TikTok. The TikTok was…