The personal data of users of a popular Indian matchmaking website Bharatmatrimony.com has been compromised and was made available for sale on the dark web, claims Atlanta-based cybersecurity firm Cyble.
The cybersecurity firm alleged that a threat actor, a person or entity involved in cybercrime, claimed to be in possession of leaked data from the matrimonial site, which has a huge customer base in India with offices in Dubai, Sri Lanka, the United States, and Malaysia.
Customer data worth 1.7 GB, which is the equivalent of $500 worth of Bitcoins was up for sale. It includes sensitive personal information like names, phone numbers, user IDs, location, and date and time of account creation.
Commenting on the issue to Cyble, Bharatmatrimony stated they are aware of the security issue and there has been no breach of the "active database" of users.
"..What has been reported belongs to an old database and no sensitive information has been compromised, as we continue to follow the highest order of industry encryption for our customers", Bharatmatrimony said in a statement.
The matrimonial site stated that they are still investigating the matter and cannot confirm or deny an SQL vulnerability. SQL or Structured Query Language is a programming language used to organise and retrieve information in relational databases.
The data of the company's subsidiary Elitematrimony has also been breached.