RentoMojo, an online rental furniture start-up, has reported a data breach that has exposed the personal information of some of its subscribers. The start-up informed its customers about the breach through an email and assured them that their financial data is still safe. 

The email stated that the attackers gained unauthorised access to customer data by exploiting the cloud misconfiguration through extremely sophisticated attacks, thus breaching one of the company’s databases. However, it was mentioned that financial information such as credit cards, debit cards or UPI is not affected as the company never stores them in its database.

As part of the investigation process, RentoMojo is securing the database and encrypting all information stored in it. The company is also implementing multi-factor authentication for additional layers of protection, conducting ongoing security audits and vulnerability assessments to identify and mitigate further risks, implementing Endpoint Detection and Response for network, and reviewing all third-party and open-source plugins and integrations. 

RentoMojo was founded in 2014 by Achal Mittal, Ajay Nain and Geetansh Bamania. The start-up’s app has more than 1 million downloads and 1 lakh subscribers who are likely to be impacted by the data breach.

Data breaches have become a frequent incident with the growing reliance on digital databases. Many businesses of different sizes and from varied industries, such as Air India, Domino’s India, Upstox and Uacademy, have faced cyber attacks in the past. 

In a recent case, the Cyberabad police of Telangana busted a data theft gang accused of stealing data from 669 million user accounts from 24 states and eight metropolitan cities of India. The gang had stolen data from several Indian tech start-ups, including BYJU’S, Vedantu, Paytm, PhonePe, Zomato, PolicyBazaar, CRED, BigBasket and Upstox.