Serial Cyber attack on rise! Foodmandu Investigation

On March 8, 2020, I got a message from my friend that Foodmandu’s 50K users data have been leaked and was publicly disclosed by a hacker. Later when I see the news, it was real and data was readily available where users: name, address and phone numbers were shared.

Following that day, within last 40 days i.e by April 16, 2020 there have been reported case of around 5 threats. Leading tech firms Mercantile and Internet service provider Vianet became the victim. In the same period, one incident also happened which gains much more popular which was Siran Tech a sister company of F1 Soft, a part of Esewa, access to the news portal named kathmandu press.

Lets dig into each cases thoroughly.

1. Foodmandu data Breach:

On Saturday, 7th March 2020, Foodmandu, the food delivery platform in Nepal, faced the data breach and 50 thousand users data have been stolen. The stolen information has an name, email addresses, personal phone numbers, longitude/latitude (GPS points) and location of customers. This all went in the Saturday night as informed later by Foodmandu in the press release.

The twitter handler mr_mugger have stated that “he is tired of how foodmandu neglect the security vulnerabilities” as below. Now, this tweet is deleted and we cannot find it. Later, this accessed information was publicly shared in github.

Tweet from Hacker

Issuing a press statement, the company stated that Foodmandu encountered an unfortunate event of data breach on Saturday night. “We detected a cyber-attack which resulted in unauthorized access of customers’ data, particularly name, address, email address and phone number,” the company said in a statement and claimed that the loophole was immediately addressed and the company is conducting further investigations. The detail press release is below.

Image: Press release statement by foodmandu to data breach

What is data breach?

Data breach is the access of the information from the database without any authorization or approval. This types of breach/access happens all around the world and many company have paid a heavy loss.

Data breach is possible when there is loophole in the system. Loophole is the weak point from where hackers or intruder gets access to the system and gets the data. In Foodmandu also, this was the scenario. However, they immediately fix the loophole.

In August 2013, 3 billion data records have been stole from Yahoo. It is considered as the top data breach in the history.

How to prevent data breach?

There are several practices done to prevent the data breach. The few are listed below.

  • Patching and updating software as soon as options are available
  • ENCRYPTION for sensitive data
  • Upgrading when software is no longer supported by the manufacturer
  • Enforcing security policies
  • Enforcing strong credentials and multi-factor authentication
  • Educating employees on best security practices and ways to avoid socially engineered attacks.

This threats have given a better lesson to all the nepalese company’s about the security risks they have posed or might posed. Now its time to adopt and strengthen the security of each databases including online portal, eCommerce website, data center and many more.

The security threats on Vianet, Mercantile and Kathmanduexpress.

What do you think need to stop such threats in future? Let your words speaks louder than voice in the comment section below.

Share this:



Leave a Reply

Your email address will not be published. Required fields are marked *