boAt, one of the leading smartwatch and audio product companies, has recently experienced a significant data breach. This breach has resulted in the exposure of sensitive information belonging to approximately 7.5 million customers. The breach is believed to have been carried out by a hacker known as ShopifyGUY.
Potential risks for affected customers
As a result of this breach, the affected boAt customers are now at risk of potential financial fraud and phishing scams. If you have recently made a purchase from boAt and provided them with your contact number and email address, it is possible that your data may be part of a data package that is currently being sold on the dark web. According to a report by Forbes India, the data of 7.5 million boAt customers has been leaked and is available for sale on the dark web.
boAt’s response and ongoing investigation
India Today Tech has reached out to boAt for comment on the reported data breach, and we are awaiting their response. It is important to note that if the data of boAt customers has indeed been compromised and is available on the dark web, it would not be the first time that personal details of millions of customers have been sold in this manner.
The dark web and data breaches
The dark web is a hidden part of the internet that can only be accessed through the TOR network. It is known to be frequented by cybercriminals and hosts web forums and communities where hackers can sell stolen data. Unfortunately, data breaches and the sale of personal information, including Aadhaar numbers, have been reported in India in the past.
Increased risk of online scams
While some of the stolen data, such as phone numbers, may already be publicly available, the consolidation of this information in one place on the dark web makes it easier for cybercriminals to engage in phishing, social engineering, and other online and phone scams.
Lack of data breach reporting requirements in India
This reported breach also highlights the disparity between India and other countries regarding the obligation of tech companies to report and inform their customers about data breaches. In many other parts of the world, such reporting is mandatory when a breach occurs.
