Thursday, November 21, 2024
HomeNews ReportsInformation of over 5 lakh users allegedly leaked in Bookchor Data Breach: What we...

Information of over 5 lakh users allegedly leaked in Bookchor Data Breach: What we know so far

Bookchor is a platform to buy, sell or share old books and textbooks. It allows users to buy old books and textbooks at an affordable price and lets sellers list their old books.

Another day and another data breach have been reported. A hacker has alleged that he has breached the website of famous second-hand book dealer Bookchor.com and downloaded information of 5,33,275 users. As per the post on a hacking forum, the threat actor breached the website in February but made the data available online on March 26.

What is Bookchor?

Bookchor is a platform to buy, sell or share old books and textbooks. The portal, managed under BookChor Literary Solutions Pvt. Ltd was founded by four friends Alok Raj Sharma, Bhavesh Sharma, Prateek Maheshwari, and Vidyut Sharma, in 2015. It allows users to buy old books and textbooks at an affordable price and lets sellers list their old books.

Details about the leaked data

In the post, the hacker wrote that he took the data dump on February 18, 2021. Though he had counted 5,05,373 unique email IDs, the total number of customers in the CSV file was 5,33,275. In the data, he had included IP Addresses, Hashed Passwords, Full names, Phone Numbers, Physical Addresses, Orders, Email addresses, and what type of phone they use (If they were using a phone).

Post on hackers’ forum about Bookchor data breach

Hacker claimed Bookchor uses unsalted MD5 encryption

In his post, the hacker claimed that Bookchor had used unsalted MD5 hash to encrypt the passwords. MD5 hashing seems reasonable at first look, but it is not recommended to encrypt sensitive information such as passwords as it is quite easy to crack. There are tools available on the internet that can decrypt unsalted MD5 hash within seconds. The passwords are reportedly available for those accounts that did not use social media authentication to create the account on Bookchor.

Sample data provided by the hacker in his post

OpIndia reached out to Bookchor

We got the contact information of one of the founders, Vidyut Sharma. On calling him, Sharma said that he was busy with some work and will get back over the phone soon. We will update the report with his comment when he reverts to us.

What can Bookchor users do?

As a Bookchor user, there is nothing much you can do about the leak other than questioning the company about the data breach. As it seems the data contains contact information and possibly the password of the users, it is better to change your password. If the password you have used on Bookchor was the same as your email ID or any other important account, make sure to change the password there too.

As more details come in, we will update the story.  

Join OpIndia's official WhatsApp channel

  Support Us  

Whether NDTV or 'The Wire', they never have to worry about funds. In name of saving democracy, they get money from various sources. We need your support to fight them. Please contribute whatever you can afford

Anurag
Anuraghttps://lekhakanurag.com
B.Sc. Multimedia, a journalist by profession.

Related Articles

Trending now

Modi govt eliminates 5.8 crore fake ration cards through e-KYC and Aadhar verification, revolutionises India’s Public Distribution System

India's Public Distribution System serves 80.6 crore beneficiaries and uses electronic Know Your Customer (eKYC) verification and Aadhaar-based identification.

Indian regulator CCI imposes Rs 213 crore penalty on Meta over sharing WhatsApp data with other entities, Meta to file appeal

The Commission also highlighted anti-competitive practices arising from the sharing of user data between Meta entities. Sharing WhatsApp user data with other Meta companies for purposes beyond providing WhatsApp services creates significant entry barriers for competitors, violating Section 4(2)(c) of the Act.
- Advertisement -