rentomojo.com data breach

rentomojo.com

What Happened

In April 2023, Indian furniture and electronics rental startup Rentomojo.com suffered a data breach when the hacking group ShinyHunters exploited a cloud misconfiguration to gain unauthorized access to one of its databases, compromising personally identifiable information (PII) of up to 2.2 million customers, including names, email addresses, phone numbers, dates of birth, genders, government-issued IDs (such as passports and Aadhaar numbers), passwords (bcrypt hashes), purchases, and social media profiles. The company confirmed the incident around April 19-23 via emails to affected users, emphasizing no financial data like credit cards or UPI details was impacted since it is not stored, and responded by notifying authorities, engaging cybersecurity experts, encrypting databases, implementing multi-factor authentication, and advising users to update passwords and enable 2FA. ShinyHunters claimed to have exfiltrated terabytes of KYC documents including bank details and IDs, threatening to release them publicly after Rentomojo refused ransom demands, though the company did not confirm the group’s involvement.

Compromised Assets

  • email
  • full name
  • phone

Check your company's
exposed credentials

Enter your work email to instantly access a free account
and see your company’s exposed credentials.

Related Breaches