In July 2022, a small cybersecurity start-up CyberX9 reported to major Indian online insurance company Policybazaar about some critical vulnerabilities detected in the company’s internet-facing network that could expose sensitive personal and financial data from at least 11 million customers to hackers. On July 24, 2022, Policybazaar informed Indian stock exchanges about a data breach, where no important customer data was exposed. However, CyberX9 director Himanshu Pathak claimed that, It would have been extremely easy for anyone with good computer knowledge to discover, exploit, and exfiltrate all of this data. Furthermore, CyberX9 claims that the data breach could have resulted in exposing the sensitive data of around 56 million people who are registered with Policy bazaar's parent company, PB Fintech Ltd. The data includes names, home, and email addresses, dates of birth and phone numbers, and also other documents such as digital copies of identification, health and financial documents including tax returns, pay slips, bank statements, driver's licenses, and birth certificates which is used during the insurance process. As Policybazaar also works for the Indian armed forces and offers various insurance policies and lists their ranks, branch of service, and area of their work. In addition, the CyberX9 revealed that they detected five vulnerabilities and were able to exfiltrate user data with no authorization check and there were no restrictions on how often an unauthorized user could make such attempts. In regards to the data breach, Policybazaar confirmed that they have fixed the identified flaws and referred the incident to external advisers for a forensic audit.
Belarus' main security service agency, the KGB, has reportedly been offline for two months following a cyberattack by politically motivated Belarusian hackers known as the Bela...
The Latrodectus malware, also known as Unidentified 111 and IceNova, is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate ...
Dropbox, the cloud storage company, disclosed a recent cybersecurity breach where a hacker accessed sensitive information, including passwords, following unauthorized access to the...