‘ZEE5’ Has Leaked the Data of Nine Million Users but Didn’t Disclose It

  • ZEE5 has just had its third large data breach in just nine months, and typical for them, they didn’t notify users.
  • The discovery came from an independent researcher who was urged to delete the informative post.
  • ZEE5 has previously promised to ramp up its cybersecurity game, but it looks like the efforts aren’t enough.

“ZEE5,” the popular Indian video-on-demand platform, has had a security incident that ended up in leaking the data (email addresses, cleartext passwords, full names, DoB) of nine million of its users. The discovery of the leaked data came from independent researchers Rajshekhar Rajaharia, who confirmed that the latest entry dates to February 23, 2021.

This means the incident is recent, but there was still a full week’s time to announce it to the userbase and inform everyone of the fact – something that ZEE5 opted not to do.

On the contrary, the streaming service responded to the researcher’s tweet, accusing him of acting irresponsibly by posting the leaked details on a public platform. The firm urged Rajaharia to delete the post and share the details with them privately, implying that they are still in the dark about the specifics of this incident.

It is important to note that the researcher didn’t post the sensitive details without masking them first, so he didn’t contribute to the exposure risk but merely informed the userbase about it.

ZEE5 had a data breach back in June 2020, resulting in the stealing of 150GB of data. This went for sale on the dark web, so again ZEE5 had decided not to make the incident public and just hope that no one notices. When the incident became known, ZEE5 assured its customers that there’s nothing to worry about and that they are aggressively investing in rolling out security and user data protection technologies.

The need for this was evident, as ZEE5 had also suffered from another breach in May 2020, which resulted in the compromise of 1,023 premium accounts. Again, no warnings were distributed back then either.

In summary, ZEE5 has had three pretty catastrophic data breaches in nine months, and in all three cases, the platform did not notify its userbase about it. Either because they do not realize the incidents or choose to remain silent about them, the customers never get to learn about it until a third party publishes the story. This is extremely irresponsible and unethical – and raises the risk of having successful scam, phishing, or credential stuffing campaigns.



How to Watch Thursday Night Football Without Cable in 2021: Schedule, Time, TV Channel, Live Stream

The 2021 NFL season is kicking off, and the excitement is kicking in for American football fans all over the world. The...

HBO Leaves Prime Video as WarnerMedia Ends Deal With Amazon

Amazon and WarnerMedia end their collaboration that had HBO on Prime Video.Existing users will now have to use the HBO Max app...

How Phishing Actors Impersonated the U.S. Department of Transportation

A recent phishing campaign deployed some common but highly effective tricks to steal Microsoft account credentials.The actors impersonated the U.S. Department of...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari