Several customers of Zivame, an online women’s intimate apparel store in India owned by Reliance Retail, have reported that their accounts were hacked, resulting in the exposure of their personal information. The compromised data includes their full names, phone numbers, and email addresses.
In recent weeks, alleged data from Zivame has been circulating on various forums and being sold by hackers. TechCrunch confirmed that the information shared by a broker aligns with the data provided by three affected customers. While the exposed data includes details about individual purchases, it does not contain payment-related information.
The broker, who claimed to be selling the data on behalf of a primary hacker, later removed the data from circulation, purportedly at the hacker’s request. TechCrunch promptly notified India’s computer emergency response team CERT-In about the availability of data samples, and CERT-In stated that appropriate action is being taken with the relevant authority.
When contacted by TechCrunch, Zivame declined to comment on the alleged breach. Monish Kaul, Zivame’s chief technology and product officer, read the message sent via LinkedIn but did not respond.
Nandakishore Harikumar, the founder and CEO of cybersecurity startup Technisanct, was the first to report the availability of the exposed data on May 11. After manually verifying a random sample of 50 email addresses and phone numbers, Harikumar confirmed that the data belonged to Zivame customers. However, the full extent of the threat and the complete set of leaked details are yet to be determined, according to Harikumar.
Established in 2011, Zivame specializes in women’s innerwear and has raised a total of $69.2 million in funding. In 2020, it was acquired by Reliance Retail, a subsidiary of Indian conglomerate Reliance Industries and the country’s largest retailer in terms of revenues.
As the investigation continues, affected customers are advised to monitor their accounts for any suspicious activity and consider taking additional security measures to protect their personal information.