We've been tracking the re-emergence of older breach datasets on various dark web marketplaces, often repackaged and sold to new audiences. What really caught our eye wasn't the age of this particular dataset, but its size and the specific combination of Personally Identifiable Information (PII) it contained. While many older breaches contain email addresses and passwords, the Zoomcar breach also included phone numbers and IP addresses, creating a richer profile for potential malicious actors. The fact that it was sold on a dark web marketplace in 2020, two years after the initial leak, highlights the longevity and persistent value of compromised data.
The Zoomcar data breach, which initially occurred in July 2018, resurfaced when the compromised data was sold on a dark web marketplace in 2020. The breach exposed a substantial amount of user data, making it a significant event even years later. The combination of identifiable data points creates an elevated risk of identity theft and targeted phishing campaigns. The use of bcrypt hashing for passwords offers some protection, but the re-emergence of this data underscores the need for users to update their passwords and monitor their accounts for suspicious activity.
The breach came to light following its appearance on a dark web marketplace in 2020, two years after the initial incident. The sheer volume of records – over 3.5 million – and the inclusion of phone numbers and IP addresses alongside email addresses and password hashes, distinguished it from more common breaches containing only basic login credentials. This comprehensive dataset allows for more sophisticated social engineering attacks and potentially even SIM swapping attempts.
This breach matters to enterprises now because it serves as a stark reminder of the long-term risks associated with data breaches. Compromised data can continue to circulate and be exploited years after the initial incident. Furthermore, the Zoomcar breach highlights the potential for data aggregation and enrichment, where attackers combine data from multiple sources to create more complete profiles of individuals. This incident aligns with broader threat themes related to the persistence of compromised data on dark web marketplaces and the ongoing risk of identity theft and fraud.
Key point: Total records exposed: 3,588,582
Key point: Types of data included: Email Address, IP Address, Phone Number, First Name, Last Name, Password Hash
Key point: Sensitive content types: PII
Key point: Source structure: Database
Key point: Leak location(s): Dark web marketplace (2020)
While specific details regarding the marketplace are scarce, similar datasets are commonly found on platforms like Breach Forums and various Telegram channels dedicated to the trade of stolen data. News outlets did not widely cover the 2018 breach at the time, likely due to the limited scope of reporting on data breaches originating from smaller companies outside of the US and Europe. However, the subsequent sale of the data on the dark web would have increased its visibility within threat intelligence communities.