The ‘ZEE5’ Video on Demand Service Has Been Hacked

  • Indian streaming service ‘ZEE5’ has had another security incident, which involves customer data.
  • The hackers who stole about 150 GB of data are the same group that has caused trouble to another 50 websites.
  • There may be DISH TV customer details in the stolen set, as the owner of the two services is the same.

‘ZEE5,’ an Indian Video on Demand service that serves over 150 million users worldwide, has been breached by hackers. The streaming service hadn’t announced anything concerning the incident initially, and as of right now, they are still investigating what happened. The hackers, who identified themselves as “John Wick” and “Korean Hackers,” claim to have grabbed 150 GB of data from the company and threaten to publish it online. The data consists of email IDs, recent transactions, messages, mobile numbers, passwords, and other confidential subscriber data.

According to emails they sent to the platform, the hackers’ intention is merely to aid the streaming platform to fix its bugs and request 10 Ethereum (about $2440) in return for their “help.” The conversations leaked to Bleeping Computer reveal that the same hacking team is behind several other website defacements and attacks to online services. Generally, the situation is usually resolved without the data going public. In this context, the actors have set up a private Bitbucket repository and shared access with the ZEE5 team so as to prove their point.

bitbucket_data
Source: Bleeping Computer

All that said, it looks like the users of ZEE5 have been compromised irreversibly, and the question that arises now is whether or not Dish TV subscribers are also included in the stolen data sets. ZEE5 is owned by Essel Group, who also owns the Dish TV satellite company. Unfortunately, there’s a “dittotv-databases-backup” folder in the mix, and this means that the actors could be in possession of Dish TV subscriber data as well. Still, since ZEE5 has provided no clarifications on the number of users who have had their data exposed, we are bound to limit ourselves to making assumptions based on the leaked evidence.

tables
Source: Bleeping Computer

ZEE5 has assured its customers that its backend is reliable and robust, and they expressed their willingness to keep investing aggressively in technologies that safeguard the users. For example, they are already in a partnership with Akamai, and they are looking into the possibility of working with other experts in AWS security. ZEE5 was already recovering from a recent security lapse. In May 2020, 1,023 of the platform’s premium accounts were posted on the dark web, while ZEE5 had chosen not to send any notifications to the affected individuals. No warnings were sent this time either, while the Indian authorities are unlikely to be officially informed about anything regarding the incident.

REVIEW OVERVIEW

Latest

Pinelands Regional School District Announced Data Breach

Pinelands Regional School District concluded an investigation about a data breach they had in March this year.The breach happened using then board...

Banking Trojan Targets 100 Organizations in Brazil

A banking trojan from Latin America was found targeting almost 100 Brazilian organizations and individuals.The malware was first noticed in late August...

The Number of Phishing Emails Impersonating Craigslist Is Growing

Craigslist Gsuite & Microsoft users are being targeted with phishing emails that present a fake user login page.These emails rely on brand...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari