What Happened
The Zivame data breach occurred in 2022, not 2025. In this breach, Indian lingerie retailer Zivame experienced an excessive data exposure affecting nearly 1.5 million customers, with personal and transactional information including names, phone numbers, email addresses, and partially masked payment records compromised. The breach was caused by an unsecured database server left open to the public without password protection. Hackers, including the group ShinyHunters, posted the stolen data for sale on the dark web and Telegram for $500 in cryptocurrency, offering sample datasets to verify credibility. India Today confirmed the authenticity of the exposed data by contacting affected customers whose information matched the samples. The cybercriminal group behind the Zivame breach was also linked to the Rentomojo cyber attack on a furniture rental startup. Zivame did not publicly address the breach at the time it was discovered.
